On Fri, Jan 25, 2013 at 07:15:43AM +0100, Christian PERRIER wrote: > Quoting Niels Thykier (niels@thykier.net): > > > Pierre Chifflier <pollux@debian.org> > > glpi > > I looked briefly at the RC bug for glpi (#694642). It seems that an > embedded Flash file provided with the package has a security issue. > > I have no clue at all if this .swf file is of critical use for GLPI > (from the directory tree, it seems to be provided in a "resource" > directory, so maybe not of big importance)..... > > Still, it would be sad to have GLPI disappear from Debian for this, as > this is one of the good free implementations of computer asset > management systems and quite widely popular in France. > > Pierre, have you noticed that? I dont see any contribution of yours in > #694642, so you may have missed this release critical bug.... > > Hi, Sadly, I just discovered this bug. I have checked my mailbox, but have found no trace of any received mail, maybe because it was reaffected to glpi after another package ? Anyway, I'm working on it to have glpi fixed today or in the next few days. glpi embeds a copy of extjs, I think the best fix will be to remove it and replace it by symlinks to the proper Debian package. I would like to ask the release team not to remove glpi, for the reasons Christian gave. Regards, Pierre
Attachment:
signature.asc
Description: Digital signature