On sam., 2014-11-22 at 21:45 +0100, Yves-Alexis Perez wrote: > On Sat, 22 Nov 2014 19:13:26 +1100 Craig Small <csm...@debian.org> wrote: > > On Fri, Nov 21, 2014 at 08:19:03AM +0100, Salvatore Bonaccorso wrote: > > > Setting this as severity grave as it is mentioned as critical update. > > > See https://wordpress.org/news/2014/11/wordpress-4-0-1/ for details. > > Thanks for the heads-up, I knew it was out there but was waiting for > > some free time. Better to be sure anyhow! > > > > > There are no CVEs assigned yet for these issues. > > Oh good, I couldn't find any either and figured I was doing something > > wrong. > > > > The 4.0.1 should be pretty easy, it will take some time for backporting > > as that is a lot more fiddly as you know. > > > By the way, as 3.6 is now unsupported, would it make sense to update > stable to 3.7 (or later), like we did in DSA 2670-1, DSA 2718-1 and DSA > 2757-1?
Also, any idea where are the changes currently living in stable? I didn't found them in the git tree (http://anonscm.debian.org/cgit/collab-maint/wordpress.git/log/?h=wheezy) Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part