[Debian-med-packaging] Bug#884525: mobyle: Mobyle javascript includes Google analytics beacon
tomás zerolo
tomas at tuxteam.de
Sat Dec 16 10:22:41 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Source: mobyle
Version: 1.5.5
Severity: grave
Tags: upstream security
Justification: user security hole
In file Src/Portal/htdocs/MobylePortal/js/mobyle_ga.js, there is a
Google analytics beacon prepared to "phone home": I don't think
this should be part of a Debian package by default.
- -- System Information:
Debian Release: 9.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlo08/EACgkQBcgs9XrR2kb+LQCdGxgHG4M68aekParzcogEFUST
U9gAn2vYBZFC5g1dHOj0+BuwVvjrlTmr
=iVQS
-----END PGP SIGNATURE-----
More information about the Debian-med-packaging
mailing list