[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2670-1] wordpress security update

Hi,

On Tue, 06 Nov 2012, Dominic Hargreaves wrote:
> On Fri, May 11, 2012 at 10:41:14PM +0200, Yves-Alexis Perez wrote:
> > Several vulnerabilities were identified in Wordpress, a web blogging
> > tool.  As the CVEs were allocated from releases announcements and
> > specific fixes are usually not identified, it has been decided to
> > upgrade the Wordpress package to the latest upstream version instead
> > of backporting the patches.
> 
> > For the stable distribution (squeeze), those problems have been fixed in
> > version 3.3.2+dfsg-1~squeeze1.
> 
> Hi all,
> 
> Thanks for doing this! Do we have any idea whether the issues alluded to
> in
> 
> http://wordpress.org/news/2012/06/wordpress-3-4-1/
> and
> http://wordpress.org/news/2012/09/wordpress-3-4-2/
> 
> apply to 3.3 too?

I don't know, I did not investigate.

> Are there any plans to further upgrade squeeze in this manner?

I leave this to Yves-Alexis... It would be nice to formalize this
approach with the security team.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
Reply to: