On Fri, Jan 25, 2013 at 12:20:36PM +0100, Niels Thykier wrote: > Control: tags -1 moreinfo > > On 2013-01-25 11:51, Pierre Chifflier wrote: > > Package: release.debian.org > > Severity: normal > > User: [email protected] > > Usertags: unblock > > > > Please unblock package glpi > > > > This fixes a security issue, and should allow glpi not to be removed > > from wheezy. > > > > Changelog: > > glpi (0.83.31-2) unstable; urgency=high > > . > > * Security fixes: > > Replace embedded copy of extjs by Debian package, the embedded one > > contains a flash file built with a vulnerable version of yui > > (charts.swf). > > (Closes: #694642) > > * Urgency high, this is a RC bug > > > > Full debdiff attached. > > > > Regards, > > Pierre > > > > unblock glpi/0.83.31-2 > > > > [...] > > Hi, > > Paul Wise suggested that there are no sources for the affected files[1]. > If so, they should be removed from the source package[2]. >
Hi, I will indeed remove the files from the source. I just did a minimal diff for the inclusion in testing, to make sure the .swf file is not included in binary packages, and make the source repackaging stuff in a second step. Regards, Pierre -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
