Re: Candidates for removal from testing (2013-01-24)
Le vendredi 25 janvier 2013 à 07:15 +0100, Christian PERRIER a écrit :
> Quoting Niels Thykier (niels@thykier.net):
>
> > Pierre Chifflier <pollux@debian.org>
> > glpi
>
> I looked briefly at the RC bug for glpi (#694642). It seems that an
> embedded Flash file provided with the package has a security issue.
It does, however:
- the SWF file is not used from the JS library, which points directly to
the upstream site (ugh),
- the code that makes use of it is not used from anywhere in the GLPI
code itself (re-ugh).
So all in all it is ugly (as in most PHP webapps), but it doesn’t seem
release-critical to me.
--
.''`. Josselin Mouette
: :' :
`. `'
`-
Reply to: