[Secure-testing-team] Bug#762523: Multiple embedded code copies, missing sources

David Prévot taffit at debian.org
Tue Sep 23 04:55:54 UTC 2014


Source: wordpress
Severity: important
Tags: security

Hi,

I just noticed that the wordpress package embeds since ages in
/usr/share/wordpress/wp-includes/ID3 a copy of the php-getid3 code
instead of depending on the Debian package.

Also, /usr/share/wordpress/wp-includes/js/mediaelement contains a copy
of the recently uploaded libjs-mediaelement, and that copy includes
sourceless (and a priori even unbuildable) Flash and Silverlight
binaries.

Maybe a complete review would be worth it before Jessie gets released
(I saw other JS bits, some seemed to be handled via dh-linktree, not
sure all were, just focused on some parts I’m currently packaging).

Regards

David

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20140923/f70a0754/attachment.sig>


More information about the Secure-testing-team mailing list