Source: wordpress Severity: important Tags: security Hi,
I just noticed that the wordpress package embeds since ages in /usr/share/wordpress/wp-includes/ID3 a copy of the php-getid3 code instead of depending on the Debian package. Also, /usr/share/wordpress/wp-includes/js/mediaelement contains a copy of the recently uploaded libjs-mediaelement, and that copy includes sourceless (and a priori even unbuildable) Flash and Silverlight binaries. Maybe a complete review would be worth it before Jessie gets released (I saw other JS bits, some seemed to be handled via dh-linktree, not sure all were, just focused on some parts I’m currently packaging). Regards David -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
signature.asc
Description: Digital signature
