Hi, please add the following information to the list of embedded code copies:
prototypejs - libhtml-prototype-perl <unfixed> (embed; bug #538920) scriptaculous - libhtml-prototype-perl <unfixed> (embed; bug #538920) Note that the JavaScript libraries are included in the Perl module sources, so they are easy to miss. They are also quite outdated: the included prototype version is 1.4.0, the script.aculo.us library have a copyright year of 2005 (I did not see a version number). I suspect the included versions might also be affected by some recent security issues? At least CVE-2007-2383, CVE-2008-7220 look suspicious. Regards, Ansgar _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
