>> Because in DSA-1285-1 the security team uploaded a new upstream security >> release, 2.0.10-1, and that issue was fixed in 2.1.3 and 2.0.10 (legacy >> version). > > ok, i can't find that claimed in the 2.0.10 etch package nor in any of > the upstream announcements, and there are no code references from mitre > to check against. perhaps i have missed something or you have verified > against the proof-of-concept?
perhaps this is the commit you've checked against [0]? that seems to be for 2007-1622. [0] http://core.trac.wordpress.org/ticket/4092 _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
