Re: Security update of Wordpress

2016-08-20 Thread Craig Small
Hi Brian,
Ok, that's something reasonably easy to reproduce, unlike the zillion different upgrade paths which are tricky. I'll load one up and see what I get.
- Craig

On Sun, 21 Aug 2016, 12:56 PM Brian May wrote:
> Craig Small writes:
>
> > Just to be clear,

Re: Security update of Wordpress

2016-08-20 Thread Craig Small
The problem with a blank screen means basically something went wrong, with that level of usefulness. So it could be the exact same problem OR it could be something completely different. Just to be clear, you installed 3.6.1+dfsg-1~deb7u1 from a clean system and had problems?
- Craig

Re: Security update of Wordpress

2016-08-17 Thread Markus Koschany
On 16.08.2016 10:22, Brian May wrote:
> Markus Koschany writes:
>
>> I also tried to fix CVE-2015-8834 for Wheezy by backporting
>> changeset/32387 but the database upgrade failed, at least I could not
>> log back into the admin backend again. Did you notice a similar issue
>>

Re: Security update of Wordpress

2016-08-17 Thread Craig Small
It's probably best to compare the 4.1.12 upstream version and make sure it follows whatever they do there. That in theory has been tested. I'm surprised there was a database update skipped. And yes the security bug was around having comments too long. I forget the exact attack method but it was

Re: Security update of Wordpress

2016-08-16 Thread Brian May
Markus Koschany writes:
> I also tried to fix CVE-2015-8834 for Wheezy by backporting
> changeset/32387 but the database upgrade failed, at least I could not
> log back into the admin backend again. Did you notice a similar issue
> for Jessie?

I just had a look at this issue.