Jessie update of wordpress?
Dear maintainers,
The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of wordpress:
https://security-tracker.debian.org/tracker/CVE-2018-20147
https://security-tracker.debian.org/tracker/CVE-2018-20148
https://security-tracker.debian.org/tracker/CVE-2018-20149 (less serious)
https://security-tracker.debian.org/tracker/CVE-2018-20150 (less serious)
https://security-tracker.debian.org/tracker/CVE-2018-20151
https://security-tracker.debian.org/tracker/CVE-2018-20152
https://security-tracker.debian.org/tracker/CVE-2018-20153
It is clear that some of the code fixes in 5.0.1 do not apply to the
version in jessie but it was not trivial to map that to the CVE as the
CVE data do not tell what files has been changed.
Would you like to take care of this yourself?
If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development
If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.
If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of wordpress updates
for the LTS releases.
Thank you very much.
Ola Lundqvist,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
Reply to: