On Sun, May 15, 2005 at 10:52:04AM +0200, Moritz Muehlenhoff wrote:
> this seems to describe the details of the vulnerability fixed in Wordpress
> 1.5.1 and it roughly matches the description by "io_error":
> http://www.mindblaze.net/articles/information-technology/security-breach-in-wordpress-15-rss-feeds-enclosures/
> However, I think that upstream's reaction renders Wordpress unusable for a
> stable release. There have been several Wordpress security issues until now
> and if they only provide fixed new upstream versions without giving details
> the Security team cannot provide support for it. So I'd like to suggest to remove
> Wordpress from Sarge and support it through volatile.debian.net instead.

I will certainly honor the opinion of the security team (or that of the
maintainer) if they believe this package is one that can't be properly
maintained security-wise; nevertheless, AIUI there is a disappointingly
large number of packages in sarge whose upstreams apply similar policies to
security issues, so I don't know that this particular package should be
treated specially for that reason.

-- 
Steve Langasek
postmodern programmer

