Bug#698925: unblock: glpi/0.83.31-2

To: Pierre Chifflier <pollux@debian.org>, 698925@bugs.debian.org
Subject: Bug#698925: unblock: glpi/0.83.31-2
From: Niels Thykier <niels@thykier.net>
Date: Fri, 25 Jan 2013 12:20:36 +0100
Message-id: <51026A84.30903@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 698925@bugs.debian.org
In-reply-to: <20130125105127.16948.74780.reportbug@ks26688.kimsufi.com>
References: <20130125105127.16948.74780.reportbug@ks26688.kimsufi.com>

Control: tags -1 moreinfo

On 2013-01-25 11:51, Pierre Chifflier wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package glpi
> 
> This fixes a security issue, and should allow glpi not to be removed
> from wheezy.
> 
> Changelog:
>  glpi (0.83.31-2) unstable; urgency=high
>  .
>    * Security fixes:
>      Replace embedded copy of extjs by Debian package, the embedded one
>      contains a flash file built with a vulnerable version of yui
> (charts.swf).
>      (Closes: #694642)
>    * Urgency high, this is a RC bug
> 
> Full debdiff attached.
> 
> Regards,
> Pierre
> 
> unblock glpi/0.83.31-2
> 
> [...]

Hi,

Paul Wise suggested that there are no sources for the affected files[1].
 If so, they should be removed from the source package[2].

~Niels

[1] https://lists.debian.org/debian-release/2013/01/msg00951.html

[2] http://www.debian.org/social_contract

DFSG §2

"""
The program must include source code, [...].
"""

Reply to:

Follow-Ups:
- Bug#698925: unblock: glpi/0.83.31-2
  - From: Pierre Chifflier <pollux@debian.org>

References:
- Bug#698925: unblock: glpi/0.83.31-2
  - From: Pierre Chifflier <pollux@debian.org>

Prev by Date: Processed: Re: Bug#698925: unblock: glpi/0.83.31-2
Next by Date: Bug#698931: unblock: postgresql-common/134wheezy3
Previous by thread: Processed: Re: Bug#698925: unblock: glpi/0.83.31-2
Next by thread: Bug#698925: unblock: glpi/0.83.31-2
Index(es):
- Date
- Thread