Bug#602260: marked as done (typo3-src-4.3: assorted embedded code copies)

Sun, 10 Jul 2016 05:31:01 -0700 

Your message dated Sun, 10 Jul 2016 14:08:54 +0200
with message-id <[email protected]>
and subject line typo3-src has been removed from Debian
has caused the Debian Bug report #602260,
regarding typo3-src-4.3: assorted embedded code copies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
602260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602260
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: typo3-src-4.3
Version: 4.3.8-1
Severity: normal
Tags: security

typo3 has quite a few embedded code copies in contrib/. Some of these are
probably unavoidable, but extjs is packaged separately, and IMO swfobject
should be too.

typo3/contrib/flashmedia/swfobject
    Not packaged, http://code.google.com/p/swfobject/, RFP #601160
    Not really source code (it's been compressed with yui-compressor),
    and no source code here for expressInstall.swf (#591969), but source
    code exists.

typo3/contrib/extjs/
    libjs-extjs 3.0.0
    Appears to contain source code plus a compressed version

typo3/contrib/flashmedia/flvplayer.swf
    Origin unknown, no source code, see #591969

typo3/contrib/flashmedia/player.swf
    GPL'd with no source code present, see #591969

typo3/contrib/json
    Services_JSON, not packaged

typo3/contrib/jsmin
    A PHP port of jsmin, sadly non-free (#602250)

typo3/contrib/flashmedia/qtobject
    Non-free by omission, but probably intended to be free software:
    "There are no usage restrictions on this file, feel free to 
    distribute this code and associated files". I'll include this in
    #602250.

typo3/contrib/RemoveXSS
    Upstream website has disappeared, but at least it's Free (PD).
    I can't help feeling that this is not how you avoid cross-site scripting,
    though.

Code copies which have correctly been replaced by a symlink to packaged
versions include prototype and scriptaculous.

Regards,
    S

--- End Message ---
--- Begin Message --- 
Version: 4.5.40+dfsg1-1+rm

the obsolete and unsupported typo3 versions have been removed from
Debian long ago, closing the remaining bug reports now.


Andreas

--- End Message ---

Reply via email to