Re: Candidates for removal from testing (2013-01-24)

To: Christian PERRIER <bubulle@debian.org>
Cc: debian-devel@lists.debian.org, debian-release@lists.debian.org, Pierre Chifflier <pollux@debian.org>
Subject: Re: Candidates for removal from testing (2013-01-24)
From: Josselin Mouette <joss@debian.org>
Date: Fri, 25 Jan 2013 09:53:20 +0100
Message-id: <[🔎] 1359104000.27214.28.camel@pi0307572>
In-reply-to: <[🔎] 20130125061543.GM5723@mykerinos.kheops.frmug.org>
References: <[🔎] 20130124144708.58796200FF92B@thykier.net> <[🔎] 20130125061543.GM5723@mykerinos.kheops.frmug.org>

Le vendredi 25 janvier 2013 à 07:15 +0100, Christian PERRIER a écrit : 
> Quoting Niels Thykier (niels@thykier.net):
> 
> > Pierre Chifflier <pollux@debian.org>
> >    glpi
> 
> I looked briefly at the RC bug for glpi (#694642). It seems that an
> embedded Flash file provided with the package has a security issue.

It does, however:
- the SWF file is not used from the JS library, which points directly to
the upstream site (ugh),
- the code that makes use of it is not used from anywhere in the GLPI
code itself (re-ugh).

So all in all it is ugly (as in most PHP webapps), but it doesn’t seem
release-critical to me.

-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-

Reply to:

Follow-Ups:
- Re: Candidates for removal from testing (2013-01-24)
  - From: Paul Wise <pabs@debian.org>

References:
- Candidates for removal from testing (2013-01-24)
  - From: niels@thykier.net (Niels Thykier)
- Re: Candidates for removal from testing (2013-01-24)
  - From: Christian PERRIER <bubulle@debian.org>

Prev by Date: Re: Candidates for removal from testing (2013-01-24)
Next by Date: Re: Candidates for removal from testing (2013-01-24)
Previous by thread: Re: Candidates for removal from testing (2013-01-24)
Next by thread: Re: Candidates for removal from testing (2013-01-24)
Index(es):
- Date
- Thread