tags 555244 + patch
thanks

Dear maintainer,

I've prepared an NMU for exaile (versioned as 0.2.14+debian-2.1) and
uploaded it to DELAYED/5 to fix the outstanding security issue. Please
feel free to tell me if I should delay it longer.

Regards,
Hauke
diff -u exaile-0.2.14+debian/debian/control exaile-0.2.14+debian/debian/control
--- exaile-0.2.14+debian/debian/control
+++ exaile-0.2.14+debian/debian/control
@@ -15,7 +15,8 @@
  libgstreamer0.10-0, gstreamer0.10-plugins-base, gstreamer0.10-plugins-good,
  python-gst0.10, gstreamer0.10-alsa | gstreamer0.10-esd,
  python-gtk2, python-glade2, python-dbus, python-pyvorbis,
- python-mutagen, python-elementtree, python-mmkeys, python-feedparser
+ python-mutagen, python-elementtree, python-mmkeys, python-feedparser,
+ libjs-prototype
 Recommends: gstreamer0.10-plugins-ugly, python-cddb, python-eggtrayicon,
  streamripper, python-gpod, python-gamin, python-notify, python-gtkmozembed
 Description: flexible audio player, similar to Amarok, but written in GTK+
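Review bot: The new `libjs-prototype` entry in Depends carries no version constraint, so the dependency is satisfied by any libjs-prototype, including one that predates the fixes for the two CVEs the changelog names. If the archive can still hold an affected version, make this a versioned dependency on the first fixed libjs-prototype release. The hard Depends itself looks right, since the package will ship a symlink into that package and would otherwise leave it dangling.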
diff -u exaile-0.2.14+debian/debian/changelog exaile-0.2.14+debian/debian/changelog
--- exaile-0.2.14+debian/debian/changelog
+++ exaile-0.2.14+debian/debian/changelog
@@ -1,3 +1,12 @@
+exaile (0.2.14+debian-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix "CVE-2007-2383 and CVE-2008-7720 prototypejs vulnerabilities"
+    by removing the embedded copy and linking to libjs-prototype
+    (Closes: #555244)
+
+ -- Jan Hauke Rahm <j...@debian.org>  Wed, 18 Nov 2009 12:42:46 +0100
+
 exaile (0.2.14+debian-2) unstable; urgency=low
 
   * Rely on python to import feedparser (Closes: #525598).
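Review bot: The new entry is uploaded with `urgency=low` although its only purpose is to fix two CVEs; a higher urgency would get the fix into testing sooner. The entry also says "linking to libjs-prototype" without listing the concrete changes: the added Depends in debian/control, the removal in debian/rules and the new debian/links file. Naming them makes the NMU easier for the maintainer to audit and merge.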
diff -u exaile-0.2.14+debian/debian/rules exaile-0.2.14+debian/debian/rules
--- exaile-0.2.14+debian/debian/rules
+++ exaile-0.2.14+debian/debian/rules
@@ -40,6 +40,8 @@
 	rm -f $(DESTDIR)/usr/lib/exaile/lib/feedparser.py
 	# Remove windows only plugin
 	rm -f $(DESTDIR)/usr/lib/exaile/plugins/win32-mmkeys.py
+	# Remove embedded copy of prototype and link it instead
+	$(RM) $(DESTDIR)/usr/lib/exaile/plugins/httpserver/data/prototype.js
 
 binary-arch: build install
 binary-indep: build install
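Review bot: The added removal uses `$(RM)` while the two removals directly above it use `rm -f`; both behave the same under make, but matching the existing style keeps the target uniform. The comment "link it instead" also describes something that does not happen in this file, since the symlink is created through debian/links, so either say so in the comment or shorten it to the removal. It is worth confirming that no other embedded copy of prototype.js remains elsewhere under `$(DESTDIR)/usr/lib/exaile`.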
only in patch2:
unchanged:
--- exaile-0.2.14+debian.orig/debian/links
+++ exaile-0.2.14+debian/debian/links
@@ -0,0 +1 @@
+/usr/share/javascript/prototype/prototype.js /usr/share/pixelpost/templates/horizon/scripts/lib/prototype.js
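Review bot: The link destination in the added debian/links line is `/usr/share/pixelpost/templates/horizon/scripts/lib/prototype.js`, a path belonging to a different package, while debian/rules removes `/usr/lib/exaile/plugins/httpserver/data/prototype.js`. As written, the httpserver plugin loses its prototype.js with no replacement and the package ships a stray symlink under /usr/share/pixelpost. The destination should be `usr/lib/exaile/plugins/httpserver/data/prototype.js` so the symlink replaces the file that was removed.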
