Hi all, the problems occured for dotclear package and I removed theses swf files from doctlear package. And there were exploit with swfupload. There seems to be fixed with wordpress but I think it's a good idea to remove that stuff.
As far as I understand, I think the real problem with theses swf files is that they can not be build from a debian system. Would it not be a debian policy viloation ? Excuse me if my question is a bit stupid. Nicolas 2014-01-27 Bastien ROUCARIES <roucaries.bast...@gmail.com> > > Le 27 janv. 2014 00:26, "Raphael Hertzog" <hert...@debian.org> a écrit : > > > > > Hello Bastien, > > > > On Sun, 26 Jan 2014, bastien ROUCARIES wrote: > > > X-Debbugs-CC: ftpmas...@debian.org > > > > I still don't understand why you CC ftpmasters. Care to explain me? > > See private mail > > > > > > wordpress 3.8.1+dfsg-1 (source) > > > > > > wp-includes/js/mediaelement/flashmediaelement.swf > > > > This one needs investigation. > > > > It comes from https://github.com/johndyer/mediaelement/ and is licensed > > under a MIT license. http://mediaelementjs.com/ > > > > We should probably ship the code in debian/missing-sources/ and prod > > wordpress upstream's that they must add it to > > http://code.svn.wordpress.org/wordpress-sources/ > > > > Current wordpress ships version 2.13.0 of that library. > > > > > wp-includes/js/plupload/plupload.flash.swf > > > > The sources are in debian/missing-sources/plupload-1.5.7/flash/ > Care to add Lintian override with comments pointing to it ? > > > > wp-includes/js/swfupload/swfupload.swf > > > debian/missing-sources/swfupload-2.2.0.1/Flash/swfupload.swf > > > > Your check found the directory where the sources are: > > debian/missing-sources/swfupload-2.2.0.1/Flash/ > OK > > > wp-includes/js/tinymce/plugins/media/moxieplayer.swf > > > > This one needs investigation. Sources are at > > https://github.com/moxiecode/moxieplayer but it looks like > > it's only needed as part of some fallback mechanism when <video> > > doesn't work. > > > > Maybe we can just drop it (the packaged tinymce drops it too). > As you want maybe ask tiny MCE to package moxieplayer and re add it ? > > Thanks > > Bastien > > > Cheers, > > -- > > Raphaël Hertzog ◈ Debian Developer > > > > Discover the Debian Administrator's Handbook: > > → http://debian-handbook.info/get/ > >
