Paul Wise wrote: > > On Thu, Dec 31, 2009 at 6:41 AM, sils <sils@powered-by-linux.com> wrote: > > >> >> #555264 was reported from a mass-filing advice, it was about >> >> prototypejs vulnerabilities, but it didn't affects to mantis, because >> >> prototype.js file is not longer distributed in mantis debian package >> >> since version 1.1.2+dfsg-1 (see changelog for more info [0]). >> >> >> >> Same thing applies to #555265, mantis do not embeds prototype.js in >> >> debian distribution. > > > > In that case you can close the bug right now with a versioned -done message: > > > > http://www.debian.org/Bugs/Developer#closing Thanks, it'll be better than a simple 'done', but i prefer to close them when my maintainer status was set with the newest version i uploaded to mentors, i suppose it's the right way to do it :-) > > > > #555265 is still kind of valid since the source tarball still contains > > prototype.js, please consult with the security team about that one. > > > > It seems there are several copies of jscalendar in the archive, you > > might want to get that documented in the security team's > > embedded-code-copies file and it added to lintian's warnings about > > embedded Javascript files. Packaging it separately would be a good > > idea too obviously. > > Yes, you're right, it will be better to consult security team to resolve this issue as well. It is appreciate to get some collab in this way, thank you very much. I will wait for the revision, the comments or anything about the new version of this package, till it will be accepted to upload into repositories, then I would be able to work with other pending bugs or other actions. Thanks, really, for your help. Kinds regards, Sils ps: paul, i beg your pardon because of twice reply.
Attachment:
signature.asc
Description: OpenPGP digital signature