Hmm, I'm not too sure why I said it was fixed in that version. I think there was another bug that got fixed that looked like that one. Version 4.9.x of wordpress, when their release announcements were worth something...
On Thu, 17 Oct 2019 at 05:21, Markus Koschany <a...@debian.org> wrote: > Hello Craig, > > while I was preparing a Wordpress update for Jessie I discovered that > CVE-2018-14028 has not been fixed yet. The upstream ticket is still open > > https://core.trac.wordpress.org/ticket/44710 > > and there was no mention of a fix in the release changelog of version > 4.9.8. > > https://wordpress.org/support/wordpress-version/version-4.9.8/ > > I believe it is best to keep this bug report open until upstream closes > 44710 eventually. > > Regards, > > Markus > > > > > >
