Hi Craig I can see the following comments from you: + * Backport patches from 4.7.5 Closes: #862816 + CVEs to be added once issued + - CVE-2017-XXX + Insufficient redirect validation in the HTTP class. + (may not be vulnerable, no patch found)
The patch is available here: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 Do this mean that the package is vulnerable? Wheezy is clearly vulnerable at least. Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- / [email protected] Folkebogatan 26 \ | [email protected] 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
