Bug#555267: marked as done (otrs2: embeds prototype.js)
Your message dated Tue, 10 Nov 2009 19:47:59 +0000
with message-id <E1N7wh5-0004Q5-GW@ries.debian.org>
and subject line Bug#555267: fixed in otrs2 2.3.4-6
has caused the Debian Bug report #555267,
regarding otrs2: embeds prototype.js
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
555267: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555267
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: otrs2
version: 2.3.4-5
severity: important
tags: security
Hi,
Your package embeds prototype.js, which makes security updates very
cumbersome, difficult, and potentially error-prone. Please update your
package to make use of the system prototype.js provided by the
libjs-prototype binary package.
This is a mass-filing, and the only checking done so far is a version
comparison. If your package for some reason is not affected or already
uses the system prototype.js, please close this bug with a message
indicating that that is the case.
Thank you very much for your attention on this matter.
Mike
--- End Message ---
--- Begin Message ---
Source: otrs2
Source-Version: 2.3.4-6
We believe that the bug you reported is fixed in the latest version of
otrs2, which is due to be installed in the Debian FTP archive:
otrs2_2.3.4-6.diff.gz
to main/o/otrs2/otrs2_2.3.4-6.diff.gz
otrs2_2.3.4-6.dsc
to main/o/otrs2/otrs2_2.3.4-6.dsc
otrs2_2.3.4-6_all.deb
to main/o/otrs2/otrs2_2.3.4-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 555267@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <pmatthaei@debian.org> (supplier of updated otrs2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 10 Nov 2009 20:14:00 +0100
Source: otrs2
Binary: otrs2
Architecture: source all
Version: 2.3.4-6
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
otrs2 - Open Ticket Request System
Closes: 555266 555267
Changes:
otrs2 (2.3.4-6) unstable; urgency=high
.
* QA upload.
* Do not use the embedded copy of prototype.js anymore.
Closes: #555267
- This also fixes CVE-2007-2383 and CVE-2008-7220.
Closes: #555266
Checksums-Sha1:
2b14c97dc29fca0db3232922fd3f03176b666f9d 1131 otrs2_2.3.4-6.dsc
3db6e7f962130553fa273c77dfbd97f456f67128 23288 otrs2_2.3.4-6.diff.gz
e0307d2962a945cebe3b85548e4c709c519b7e8f 2566880 otrs2_2.3.4-6_all.deb
Checksums-Sha256:
818b951d95b3955197d4df463c59c70fde9ee60eadc79333b6f22d0937df3da1 1131 otrs2_2.3.4-6.dsc
69dd0816128a5a7b129926422337b2a0d93f9a76c5035a8184534712e111b834 23288 otrs2_2.3.4-6.diff.gz
3a0f61b4ed20dbb3768cd6b98a4bb58b7ea8360b8085b525d873df94ab64e90c 2566880 otrs2_2.3.4-6_all.deb
Files:
81c88f7213e882fa3b800284fa8dfc72 1131 web optional otrs2_2.3.4-6.dsc
68ff896f9840f59d1a41ebf28a94eb2d 23288 web optional otrs2_2.3.4-6.diff.gz
bc6d4eb2d6a8da5b3f2e1fd615123c99 2566880 web optional otrs2_2.3.4-6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr5vwYACgkQ2XA5inpabMfaRACfalFRCkbW64o3mP5jZCvpD8hW
AQUAoKjbJD01+2DPcYcYqWNVxa9UlH2T
=7Y7O
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: