> Package: wordpress > Version: 2.5.1-1 > Severity: important > Tags: security > > Hi, > > Given the fact that wordpress has a long history of security bugs and > shipping > embedded code copies doesn't help at all the situation I decided to look at > the other non-wordpress code in the package. > [...] > It would be great to remove those embedded copies and use the packaged copies > (and if the software hasn't been packaged, package it and then use the > packaged version).
The way wordpress ships his libraries is absolutely prone to security problems, you're right. I'm working on a new package to make wordpress depend on all those libraries instead of shipping embedded copies. First of all I'll try to eliminate libraries with known and published CVEs so to have a package with no security problems. Thank you very much for your help. Cheers. Andrea De Iacovo.
signature.asc
Description: Questa รจ una parte del messaggio firmata digitalmente
