Package: mahara Version: 1.2.5-2 Severity: important The mahara package seems to include (and install) a copy of tinymce, which is already packaged separately. And apparently others, which it has lintian overrides for. That should be fixed, and is not an appropriate use of lintian overrides IMO. cc:ing debian-security-tracker so this can be added to the tracker. The lintian overrides say: # Mahara requires a version of Mochikit with extra patches applied to it. These patches # have not yet been part of an upstream release. mahara: embedded-javascript-library usr/share/mahara/js/MochiKit/MochiKit.js mahara: embedded-javascript-library usr/share/mahara/lib/pieforms/static/core/MochiKit/MochiKit.js # Mahara uses customised versions of these libraries mahara: embedded-javascript-library usr/share/mahara/js/tinymce/tiny_mce.js mahara: embedded-javascript-library usr/share/mahara/js/tinymce/tiny_mce_popup.js mahara: embedded-javascript-library usr/share/mahara/js/tinymce/tiny_mce_src.js mahara: embedded-php-library usr/share/mahara/lib/adodb/adodb.inc.php mahara: embedded-php-library usr/share/mahara/lib/phpmailer/class.phpmailer.php Cheers, Julien
Attachment:
signature.asc
Description: Digital signature