Bug#698925: unblock: glpi/0.83.31-2
On Fri, Jan 25, 2013 at 12:20:36PM +0100, Niels Thykier wrote:
> Control: tags -1 moreinfo
>
> On 2013-01-25 11:51, Pierre Chifflier wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> >
> > Please unblock package glpi
> >
> > This fixes a security issue, and should allow glpi not to be removed
> > from wheezy.
> >
> > Changelog:
> > glpi (0.83.31-2) unstable; urgency=high
> > .
> > * Security fixes:
> > Replace embedded copy of extjs by Debian package, the embedded one
> > contains a flash file built with a vulnerable version of yui
> > (charts.swf).
> > (Closes: #694642)
> > * Urgency high, this is a RC bug
> >
> > Full debdiff attached.
> >
> > Regards,
> > Pierre
> >
> > unblock glpi/0.83.31-2
> >
> > [...]
>
> Hi,
>
> Paul Wise suggested that there are no sources for the affected files[1].
> If so, they should be removed from the source package[2].
>
Hi,
I will indeed remove the files from the source. I just did a minimal
diff for the inclusion in testing, to make sure the .swf file is not
included in binary packages, and make the source repackaging stuff in a
second step.
Regards,
Pierre
Reply to: