Bug#925314: unblock: wordpress/5.0.3+dfsg1-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package wordpress
WordPress 5.0.3 has a security bug #924546 which was fixed in upstream
version 5.1.1 [1]
Sid has 5.1.1 which has this fix, however it also has all the
non-security fixes of 5.1 as well.
For stretch, there is a patch ready to go for 4.7.5, seen at [2] that
covers only the security fixes.
If Buster was released, I'd prepare a security patch that would be
almost-identical to the Stretch fix, taken from [3] which is where
upstream tracks 5.0.x releases, using changeset 44835 and 44844.
So, we have a few options:
1) Update Buster WordPress 5.0.3 to 5.0.4 which is the security fixes
2) Make a security release for Buster, effectively what (1) is with
different version numbers
3) Update Buster to follow Sid, which is a major update, 5.1.1
4) Do nothing and wait until Buster is released and then fix it.
I haven't prepared differences yet because depending on the answer you
get a different debdiff.
- Craig
1: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
2: https://salsa.debian.org/debian/wordpress/commit/a903dc48fb4177b15642c2c50912de50adb77c73
3: https://core.trac.wordpress.org/log/branches/5.0
unblock wordpress/5.0.3+dfsg1-1
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: