Bug#698925: unblock: glpi/0.83.31-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#698925: unblock: glpi/0.83.31-2
From: Pierre Chifflier <pollux@debian.org>
Date: Fri, 25 Jan 2013 11:51:27 +0100
Message-id: <20130125105127.16948.74780.reportbug@ks26688.kimsufi.com>
Reply-to: Pierre Chifflier <pollux@debian.org>, 698925@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package glpi

This fixes a security issue, and should allow glpi not to be removed
from wheezy.

Changelog:
 glpi (0.83.31-2) unstable; urgency=high
 .
   * Security fixes:
     Replace embedded copy of extjs by Debian package, the embedded one
     contains a flash file built with a vulnerable version of yui
(charts.swf).
     (Closes: #694642)
   * Urgency high, this is a RC bug

Full debdiff attached.

Regards,
Pierre

unblock glpi/0.83.31-2

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32.55.pollux-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru glpi-0.83.31/debian/changelog glpi-0.83.31/debian/changelog
--- glpi-0.83.31/debian/changelog	2012-07-22 21:47:52.000000000 +0200
+++ glpi-0.83.31/debian/changelog	2013-01-25 11:37:11.000000000 +0100
@@ -1,3 +1,13 @@
+glpi (0.83.31-2) unstable; urgency=high
+
+  * Security fixes:
+    Replace embedded copy of extjs by Debian package, the embedded one
+    contains a flash file built with a vulnerable version of yui (charts.swf).
+    (Closes: #694642)
+  * Urgency high, this is a RC bug
+
+ -- Pierre Chifflier <pollux@debian.org>  Fri, 25 Jan 2013 11:37:09 +0100
+
 glpi (0.83.31-1) unstable; urgency=medium
 
   * Imported Upstream version 0.83.31
diff -Nru glpi-0.83.31/debian/control glpi-0.83.31/debian/control
--- glpi-0.83.31/debian/control	2012-03-10 11:37:14.000000000 +0100
+++ glpi-0.83.31/debian/control	2013-01-25 11:32:56.000000000 +0100
@@ -15,6 +15,7 @@
     ttf-freefont,
     tinymce,
     libphp-phpmailer,
+    libjs-extjs,
     ${misc:Depends}
 Description: IT and Asset management software
  GLPI stands for "Gestionnaire libre de parc informatique",
diff -Nru glpi-0.83.31/debian/rules glpi-0.83.31/debian/rules
--- glpi-0.83.31/debian/rules	2012-04-28 16:58:14.000000000 +0200
+++ glpi-0.83.31/debian/rules	2013-01-25 11:34:15.000000000 +0100
@@ -67,6 +67,8 @@
 	rm -rf $(DESTDIR)/usr/share/glpi/lib/phpcas
 	rm -rf $(DESTDIR)/usr/share/glpi/lib/tiny_mce
 	rm -rf $(DESTDIR)/usr/share/glpi/lib/phpmailer
+	rm -rf $(DESTDIR)/usr/share/glpi/lib/extjs; \
+	ln -s /usr/share/javascript/extjs $(DESTDIR)/usr/share/glpi/lib/extjs
 
 build-arch: build
 build-indep: build

Reply to:

Follow-Ups:
- Processed: Re: Bug#698925: unblock: glpi/0.83.31-2
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#698925: unblock: glpi/0.83.31-2
  - From: Niels Thykier <niels@thykier.net>
- Processed: Re: Bug#698925: unblock: glpi/0.83.31-2
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Candidates for removal from testing (2013-01-24)
Next by Date: Processed: Re: Bug#698925: unblock: glpi/0.83.31-2
Previous by thread: Bug#698915: unblock: php5/5.4.4-12
Next by thread: Processed: Re: Bug#698925: unblock: glpi/0.83.31-2
Index(es):
- Date
- Thread