Bug#698925: unblock: glpi/0.83.31-2
Control: tags -1 moreinfo
On 2013-01-25 11:51, Pierre Chifflier wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package glpi
>
> This fixes a security issue, and should allow glpi not to be removed
> from wheezy.
>
> Changelog:
> glpi (0.83.31-2) unstable; urgency=high
> .
> * Security fixes:
> Replace embedded copy of extjs by Debian package, the embedded one
> contains a flash file built with a vulnerable version of yui
> (charts.swf).
> (Closes: #694642)
> * Urgency high, this is a RC bug
>
> Full debdiff attached.
>
> Regards,
> Pierre
>
> unblock glpi/0.83.31-2
>
> [...]
Hi,
Paul Wise suggested that there are no sources for the affected files[1].
If so, they should be removed from the source package[2].
~Niels
[1] https://lists.debian.org/debian-release/2013/01/msg00951.html
[2] http://www.debian.org/social_contract
DFSG §2
"""
The program must include source code, [...].
"""
Reply to: