Re: Proposed mass prototypejs bug filing for multiple security issues
On Mon, 26 Oct 2009 14:04:06 -0500, Adam Majer wrote:
> On Sun, Oct 18, 2009 at 08:43:35PM -0400, Michael S Gilbert wrote:
> > Here are the affected source packages:
> > - rails <unfixed> (embed)
>
> ~$ apt-file list rails | grep prototype.js
> rails:
> /usr/share/rails/actionpack/test/fixtures/public/javascripts/prototype.js
> rails: /usr/share/rails/railties/html/javascripts/prototype.js
>
> -rw-r--r-- 1 root root 15 2009-09-21 13:03
> /usr/share/rails/actionpack/test/fixtures/public/javascripts/prototype.js
>
> lrwxrwxrwx 1 root root 45 2009-09-21 13:38
> /usr/share/rails/railties/html/javascripts/prototype.js ->
> ../../../../javascript/prototype/prototype.js
Thank you very much for the info on the rails package. This makes one
less bug to deal with.
> This is from rails in testing/sid. In stable the package depends on
> the prototype package too.
I was hoping that the statement in my original message, "...the only
checking done so far is a version comparison...," would be clear. 32
different packages are a lot to deal with, and I am expecting
maintainers to do the real legwork since they are responsible for their
own code.
> I'm not sure how you get the "unfixed" and (embed). Seems a little rushed.
That list was taken from the secure-testing tracker's embedded code
copies list, which is hard to keep up to date and accurate. It could
use some more care and better maintaining; but code copies are
plentiful, making it very difficult to track progress on all of them.
I have not yet sent any reports because I am still in the process of
generating a more accurate list.
Mike
Reply to: