Bug#698925: unblock: glpi/0.83.31-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package glpi
This fixes a security issue, and should allow glpi not to be removed
from wheezy.
Changelog:
glpi (0.83.31-2) unstable; urgency=high
.
* Security fixes:
Replace embedded copy of extjs by Debian package, the embedded one
contains a flash file built with a vulnerable version of yui
(charts.swf).
(Closes: #694642)
* Urgency high, this is a RC bug
Full debdiff attached.
Regards,
Pierre
unblock glpi/0.83.31-2
-- System Information:
Debian Release: 6.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32.55.pollux-grsec (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru glpi-0.83.31/debian/changelog glpi-0.83.31/debian/changelog
--- glpi-0.83.31/debian/changelog 2012-07-22 21:47:52.000000000 +0200
+++ glpi-0.83.31/debian/changelog 2013-01-25 11:37:11.000000000 +0100
@@ -1,3 +1,13 @@
+glpi (0.83.31-2) unstable; urgency=high
+
+ * Security fixes:
+ Replace embedded copy of extjs by Debian package, the embedded one
+ contains a flash file built with a vulnerable version of yui (charts.swf).
+ (Closes: #694642)
+ * Urgency high, this is a RC bug
+
+ -- Pierre Chifflier <pollux@debian.org> Fri, 25 Jan 2013 11:37:09 +0100
+
glpi (0.83.31-1) unstable; urgency=medium
* Imported Upstream version 0.83.31
diff -Nru glpi-0.83.31/debian/control glpi-0.83.31/debian/control
--- glpi-0.83.31/debian/control 2012-03-10 11:37:14.000000000 +0100
+++ glpi-0.83.31/debian/control 2013-01-25 11:32:56.000000000 +0100
@@ -15,6 +15,7 @@
ttf-freefont,
tinymce,
libphp-phpmailer,
+ libjs-extjs,
${misc:Depends}
Description: IT and Asset management software
GLPI stands for "Gestionnaire libre de parc informatique",
diff -Nru glpi-0.83.31/debian/rules glpi-0.83.31/debian/rules
--- glpi-0.83.31/debian/rules 2012-04-28 16:58:14.000000000 +0200
+++ glpi-0.83.31/debian/rules 2013-01-25 11:34:15.000000000 +0100
@@ -67,6 +67,8 @@
rm -rf $(DESTDIR)/usr/share/glpi/lib/phpcas
rm -rf $(DESTDIR)/usr/share/glpi/lib/tiny_mce
rm -rf $(DESTDIR)/usr/share/glpi/lib/phpmailer
+ rm -rf $(DESTDIR)/usr/share/glpi/lib/extjs; \
+ ln -s /usr/share/javascript/extjs $(DESTDIR)/usr/share/glpi/lib/extjs
build-arch: build
build-indep: build
Reply to: