Hi!

On Sun, Nov 15, 2009 at 08:38:04PM +0000, Adam D. Barratt wrote:
> On Mon, 2009-11-09 at 21:11 -0800, Ryan Niebur wrote:
> > > Two security issues. Here's the changelog entry:
> > >
> > > libjson-ruby (1.1.2-1+lenny1) stable-proposed-updates; urgency=low
> > >
> > >   * Security Fix for JSON::Pure::Parser. A specially designed string
> > >     could cause catastrophic backtracking in one of the parser's regular
> > >     expressions. (fixed upstream in version 1.1.7)
> > >   * Use the version of prototype.js from libjs-prototype. The included
> > >     version had a security issue. (Closes: #555224, #555223)
>
> Apologies for not getting back to you sooner.
>

I took longer to respond, so np. :)

> We've been discussing how to handle the prototype updates and will most
> likely approve this update but would like to confirm a couple of things
> first:
>
> a) that the current embedded copy of prototype is an unmodified version
> from prototype upstream and
>

yep.

> b) the package has been tested to ensure it operates correctly with the
> new version of prototype on the relevant Debian release.
>

okay.

> I have one small query specific to this update:
>
> > > +binary-install/libjson-ruby-doc::
> > > + rm $(BASEDIR)/libjson-ruby-doc/usr/share/doc/libjson-ruby-doc/examples/prototype.js
> > > + ln -s /usr/share/javascript/prototype/prototype.js $(BASEDIR)/libjson-ruby-doc/usr/share/doc/libjson-ruby-doc/examples/prototype.js
> > > + dh_link -plibjson-ruby-doc
>
> There doesn't appear to be a debian/libjson-ruby-doc.links (or indeed
> debian/*.links) so the dh_link call appears to be redundant.
>

it changes the symlinks I created (which were absolute) into relative
symlinks to comply with policy.

should I upload this?

Cheers,
Ryan

-- 
_________________________
Ryan Niebur
ryanryan52@gmail.com
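
Review bot: in the quoted binary-install/libjson-ruby-doc:: hunk, the `ln -s` line points examples/prototype.js at /usr/share/javascript/prototype/prototype.js, a file shipped by libjs-prototype according to the changelog entry, and the visible lines do not show libjson-ruby-doc gaining a dependency on that package; without one the link dangles on systems where libjs-prototype is not installed, so the control file is worth checking. The unconditional `rm` on the line above also aborts the build if the embedded file is ever absent, which `rm -f` would avoid, although failing loudly may be preferred here because it signals that the vulnerable copy is no longer where the rule expects it. The absolute `ln -s` followed by `dh_link` to make it relative could be expressed as a single entry in debian/libjson-ruby-doc.links, which would leave only the removal in this rule.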