Bug#925314: marked as done (unblock: wordpress/5.0.3+dfsg1-1)
Your message dated Sun, 5 May 2019 14:47:42 +0200
with message-id <20190505124740.nngmer3ck4pkfis4@debian.org>
and subject line Re: Bug#925314: unblock: wordpress/5.0.3+dfsg1-1
has caused the Debian Bug report #925314,
regarding unblock: wordpress/5.0.3+dfsg1-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
925314: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925314
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: wordpress/5.0.3+dfsg1-1
- From: Craig Small <csmall@debian.org>
- Date: Sat, 23 Mar 2019 09:30:32 +1100
- Message-id: <155329383207.11546.4635371840062861721.reportbug@elmo.localnet>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package wordpress
WordPress 5.0.3 has a security bug #924546 which was fixed in upstream
version 5.1.1 [1]
Sid has 5.1.1 which has this fix, however it also has all the
non-security fixes of 5.1 as well.
For stretch, there is a patch ready to go for 4.7.5, seen at [2] that
covers only the security fixes.
If Buster was released, I'd prepare a security patch that would be
almost-identical to the Stretch fix, taken from [3] which is where
upstream tracks 5.0.x releases, using changeset 44835 and 44844.
So, we have a few options:
1) Update Buster WordPress 5.0.3 to 5.0.4 which is the security fixes
2) Make a security release for Buster, effectively what (1) is with
different version numbers
3) Update Buster to follow Sid, which is a major update, 5.1.1
4) Do nothing and wait until Buster is released and then fix it.
I haven't prepared differences yet because depending on the answer you
get a different debdiff.
- Craig
1: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
2: https://salsa.debian.org/debian/wordpress/commit/a903dc48fb4177b15642c2c50912de50adb77c73
3: https://core.trac.wordpress.org/log/branches/5.0
unblock wordpress/5.0.3+dfsg1-1
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi,
On Wed, May 01, 2019 at 03:41:39PM +0200, Paul Gevers wrote:
> Control: tags -1 - moreinfo
>
> On Mon, 8 Apr 2019 17:25:24 +0200 Ivo De Decker <ivodd@debian.org> wrote:
> > Remove the moreinfo tag from this bug once the upload is in t-p-u.
>
> Somehow forgotten as the upload happened on 2019-04-18.
Thanks for spotting this. Unblocked the version from t-p-u.
Ivo
--- End Message ---
Reply to: