On Mon, 2009-11-09 at 21:11 -0800, Ryan Niebur wrote:
> > Two security issues. Here's the changelog entry:
> >
> > libjson-ruby (1.1.2-1+lenny1) stable-proposed-updates; urgency=low
> >
> >  * Security Fix for JSON::Pure::Parser. A specially designed string
> >    could cause catastrophic backtracking in one of the parser's regular
> >    expressions. (fixed upstream in version 1.1.7)
> >  * Use the version of prototype.js from libjs-prototype. The included
> >    version had a security issue. (Closes: #555224, #555223)

Apologies for not getting back to you sooner. We've been discussing how to handle the prototype updates and will most likely approve this update but would like to confirm a couple of things first:

a) that the current embedded copy of prototype is an unmodified version from prototype upstream and
b) the package has been tested to ensure it operates correctly with the new version of prototype on the relevant Debian release.

I have one small query specific to this update:

> > +binary-install/libjson-ruby-doc::
> > + rm
> > $(BASEDIR)/libjson-ruby-doc/usr/share/doc/libjson-ruby-doc/examples/prototype.js
> > + ln -s /usr/share/javascript/prototype/prototype.js
> > $(BASEDIR)/libjson-ruby-doc/usr/share/doc/libjson-ruby-doc/examples/prototype.js
> > + dh_link -plibjson-ruby-doc

There doesn't appear to be a debian/libjson-ruby-doc.links (or indeed debian/*.links) so the dh_link call appears to be redundant.

Regards,

Adam
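
Review bot: the `ln -s` line in the binary-install/libjson-ruby-doc target points examples/prototype.js at /usr/share/javascript/prototype/prototype.js, but nothing in the quoted lines shows libjson-ruby-doc gaining a Depends or Recommends on libjs-prototype. Without that relationship in debian/control the link dangles wherever libjs-prototype is not installed, so the control change should be confirmed alongside this hunk. Separately, the bare `rm` aborts the build if the upstream tarball ever stops shipping examples/prototype.js; that is arguably the right failure for an embedded-copy removal, but it is worth a comment in debian/rules saying so.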

