[
Date Prev
][
Date Next
] [
Thread Prev
][
Thread Next
] [
Date Index
] [
Thread Index
]
Re: [BSA-114] Security update for wordpress
To
:
deb@hasig.de
Cc
: Rodrigo Campos <
rodrigo@sdfg.com.ar
>, Michael Howe <
michael@michaelhowe.org
>, Craig Small <
csmall@debian.org
>,
debian-backports@lists.debian.org
Subject
: Re: [BSA-114] Security update for wordpress
From
: Jan Ingvoldstad <
frettled@gmail.com
>
Date
: Tue, 7 Feb 2017 08:42:02 +0100
Message-id
: <
[🔎]
CAEffzkxjsh3yXKqpXi8iYDQGcN9YefGAxUGK6nrffXz7d-PrAw@mail.gmail.com
>
In-reply-to
: <
[🔎]
fc614674-c137-fbb0-f3ac-d999ba612e4b@hasig.de
>
References
: <20170123073904.smt5him4toexhfzg@enc.com.au> <20170130150009.GW10047@michaelhowe.org> <
[🔎]
20170207005530.GF2477@sdfg.com.ar
> <
[🔎]
fc614674-c137-fbb0-f3ac-d999ba612e4b@hasig.de
>
On Tue, Feb 7, 2017 at 4:24 AM,
<
deb@hasig.de
>
wrote:
hi,
isnt 4.7.1 highliy hackable?
Correct, this is due to a feature introduced in 4.7.
If 4.7.2 cannot be pushed out, the most recent 4.6 with the most recent security patches should.
4.7 or 4.7.1 *must be avoided* as they introduce a very bad remote command execution vulnerability.
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
--
Jan
Reply to:
debian-backports@lists.debian.org
Jan Ingvoldstad (on-list)
Jan Ingvoldstad (off-list)
References
:
Re: [BSA-114] Security update for wordpress
From:
Rodrigo Campos <rodrigo@sdfg.com.ar>
Re: [BSA-114] Security update for wordpress
From:
deb@hasig.de
Prev by Date:
Re: [BSA-114] Security update for wordpress
Next by Date:
Re: Broken (jessie) backports
Previous by thread:
Re: [BSA-114] Security update for wordpress
Next by thread:
Re: [BSA-114] Security update for wordpress
Index(es):
Date
Thread