
Re: [SECURITY] [DSA 2670-1] wordpress security update

On Wed, 07 Nov 2012, Thijs Kinkhorst wrote:
> I think we should do this only when it has been shown that applying the
> fixes to the current version in stable(-security) is infeasible. Suppose
> now a simple XSS is discovered, I would be very much in favour to just
> apply that fix.

I would as well. The trouble is that contrary to Django (for example),
upstream is not pointing out which commits are security relevant and
which versions are affected or not.

And there's zero support for older versions. So we're on our own (and I'm
not going to do all those investigations by myself).

Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
