
Re: Proposed mass prototypejs bug filing for multiple security issues



On Mon, 26 Oct 2009 14:04:06 -0500, Adam Majer wrote:
> On Sun, Oct 18, 2009 at 08:43:35PM -0400, Michael S Gilbert wrote:
> > Here are the affected source packages:
> >         - rails <unfixed> (embed)
> 
> ~$ apt-file list rails | grep prototype.js
> rails:
> /usr/share/rails/actionpack/test/fixtures/public/javascripts/prototype.js
> rails: /usr/share/rails/railties/html/javascripts/prototype.js
> 
> -rw-r--r-- 1 root root 15 2009-09-21 13:03
> /usr/share/rails/actionpack/test/fixtures/public/javascripts/prototype.js
> 
> lrwxrwxrwx 1 root root 45 2009-09-21 13:38
> /usr/share/rails/railties/html/javascripts/prototype.js ->
> ../../../../javascript/prototype/prototype.js

Thank you very much for the info on the rails package.  This makes one
less bug to deal with.
 
> This is from rails in testing/sid. In stable the package depends on
> the prototype package too. 

I was hoping that the statement in my original message, "...the only
checking done so far is a version comparison...," would be clear.  32
different packages are a lot to deal with, and I am expecting
maintainers to do the real legwork since they are responsible for their
own code.

> I'm not sure how you get the "unfixed" and (embed). Seems a little rushed.

That list was taken from the secure-testing tracker's embedded code
copies list, which is hard to keep up to date and accurate.  It could
use some more care and better maintaining; but code copies are
plentiful, making it very difficult to track progress on all of them.

I have not yet sent any reports because I am still in the process of
generating a more accurate list.

Mike

