Package: gforge-plugins-extra
Severity: serious
Version: 4.7~rc2-5
Tags: security

Hi,

By taking a look at the list of files shipped by gforge-plugins-extra I can easily see several scripts which are already in the Debian archive.

I'm using 'serious' as the severity given the fact that in many of the already packaged scripts security issues have been found in the past.

Examples:

usr/share/gforge/plugins/webcalendar/
  Package: webcalendar; 24 known security issues [1]

usr/share/gforge/plugins/wiki/
  Package: phpwiki; 7 known security issues [2]

usr/share/gforge/plugins/wiki/www/lib/WikiDB/adodb/
  Package: libphp-adodb; 5 known security issues [3]
  Note: phpwiki also ships its own copy of adodb, but that's a separate issue

It would be great if the other scripts are individually packaged/maintained from their own upstreams.

[1] http://security-tracker.debian.net/tracker/source-package/webcalendar
[2] http://security-tracker.debian.net/tracker/source-package/phpwiki
[3] http://security-tracker.debian.net/tracker/source-package/libphp-adodb

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net