Comment 8 for bug 1971185

Seth Arnold (seth-arnold) wrote : Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy

Hello Luís, 4.5MB feels pretty unlikely for a security fix; the diffstat on that debdiff is all over the place:

$ diffstat spip_focal.debdiff
 /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio-ogg.swf |binary
 /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio.swf |binary
 /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-hls.swf |binary
 /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-mdash.swf |binary
 /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video.swf |binary
 spip-3.2.15/.gitignore | 129
 spip-3.2.15/CHANGELOG.TXT | 318 +
 spip-3.2.15/config/ecran_securite.php | 23
...

Normally security fixes add patches to the debian/patches/ directory, modify a debian/patches/series file, and modify the debian/changelog. It's very rare to modify files outside of this hierarchy (except for 'native packages', but those don't typically have version numbers this complex).

Could you double-check that you've prepared the patches that you thought you prepared?

Thanks
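
The sanity check described in the comment above, written as an added example (it is not part of the original comment and not Ubuntu tooling): it lists the files a debdiff touches and separates debian/changelog and debian/patches/ from everything else. The package name, paths and sample debdiff are constructed, and treating only those two locations as expected is a strict reading of the comment.

```python
import re

# Debian source directories are named <package>-<upstream version>.
SRC_ROOT = re.compile(r"^[a-z0-9][a-z0-9+.-]*-\d")
BINARY = re.compile(r"^Binary files (.+) and (.+) differ$")

def relative_to_source(path):
    """Drop everything up to and including the <package>-<version> directory."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if SRC_ROOT.match(part):
            return "/".join(parts[i + 1:])
    return path

def changed_files(debdiff_text):
    """Yield source-relative paths of the files a debdiff touches."""
    prev = ""
    for line in debdiff_text.splitlines():
        m = BINARY.match(line)
        if m:
            yield relative_to_source(m.group(2))
        elif line.startswith("+++ ") and prev.startswith("--- "):
            # Real file header. Headers inside a newly added quilt patch
            # appear as "+--- a/..." / "++++ b/..." and are not matched.
            yield relative_to_source(line[4:].split("\t")[0])
        prev = line

def review(debdiff_text):
    """Return (expected, outside) lists of changed paths."""
    expected, outside = [], []
    for path in changed_files(debdiff_text):
        ok = path == "debian/changelog" or path.startswith("debian/patches/")
        (expected if ok else outside).append(path)
    return expected, outside

# Constructed sample debdiff (not taken from the bug report).
SAMPLE = """\
--- example-1.0/debian/changelog\t2022-01-01
+++ example-1.0/debian/changelog\t2022-05-01
--- example-1.0/debian/patches/fix.patch\t1970-01-01
+++ example-1.0/debian/patches/fix.patch\t2022-05-01
+--- a/src/login.php
++++ b/src/login.php
--- example-1.0/debian/patches/series\t2022-01-01
+++ example-1.0/debian/patches/series\t2022-05-01
--- example-1.0/src/login.php\t2022-01-01
+++ example-1.0/src/login.php\t2022-05-01
Binary files /tmp/aB3dE9/example-1.0/lib/player.swf and /tmp/Zq81Lm/example-1.1/lib/player.swf differ
"""

if __name__ == "__main__":
    print(review(SAMPLE)[1])
```

A non-empty second list is the cue to re-check how the debdiff was generated before it goes to review.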