[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Candidates for removal from testing (2013-01-24)

Le vendredi 25 janvier 2013 à 07:15 +0100, Christian PERRIER a écrit : 
> Quoting Niels Thykier (niels@thykier.net):
> > Pierre Chifflier <pollux@debian.org>
> >    glpi
> I looked briefly at the RC bug for glpi (#694642). It seems that an
> embedded Flash file provided with the package has a security issue.

It does, however:
- the SWF file is not used from the JS library, which points directly to
the upstream site (ugh),
- the code that makes use of it is not used from anywhere in the GLPI
code itself (re-ugh).

So all in all it is ugly (as in most PHP webapps), but it doesn’t seem
release-critical to me.

 .''`.      Josselin Mouette
: :' :
`. `'

Reply to: