
Re: RFS: mantis (updated package)



Paul Wise wrote:
> On Thu, Dec 31, 2009 at 6:41 AM, sils <sils@powered-by-linux.com> wrote:
>
>> #555264 was reported from a mass-filing advice, it was about
>> prototypejs vulnerabilities, but it didn't affect mantis, because
>> the prototype.js file is no longer distributed in the mantis debian package
>> since version 1.1.2+dfsg-1 (see changelog for more info [0]).
>>
>> Same thing applies to #555265, mantis does not embed prototype.js in
>> the debian distribution.
>
> In that case you can close the bug right now with a versioned -done
> message:
>
> http://www.debian.org/Bugs/Developer#closing


Thanks, it'll be better than a simple 'done', but I prefer to close them
once my maintainer status is set with the newest version I uploaded to
mentors. I suppose it's the right way to do it :-)

>
> #555265 is still kind of valid since the source tarball still contains
> prototype.js, please consult with the security team about that one.
>
> It seems there are several copies of jscalendar in the archive, you
> might want to get that documented in the security team's
> embedded-code-copies file and it added to lintian's warnings about
> embedded Javascript files. Packaging it separately would be a good
> idea too obviously.
>


Yes, you're right, it will be better to consult the security team to resolve
this issue as well. It is appreciated to get some collaboration in this way,
thank you very much.

I will wait for the review, the comments or anything else about the new
version of this package, until it is accepted for upload into the
repositories; then I will be able to work on other pending bugs or
other actions.

Thanks, really, for your help.

Kind regards,

Sils

PS: Paul, I beg your pardon for the double reply.
