Bug#698925: unblock: glpi/0.83.31-2

[Pierre Chifflier <pollux@debian.org>]

On Fri, Jan 25, 2013 at 12:20:36PM +0100, Niels Thykier wrote:
> Control: tags -1 moreinfo
> 
> On 2013-01-25 11:51, Pierre Chifflier wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > 
> > Please unblock package glpi
> > 
> > This fixes a security issue, and should allow glpi not to be removed
> > from wheezy.
> > 
> > Changelog:
> >  glpi (0.83.31-2) unstable; urgency=high
> >  .
> >    * Security fixes:
> >      Replace embedded copy of extjs by Debian package, the embedded one
> >      contains a flash file built with a vulnerable version of yui
> > (charts.swf).
> >      (Closes: #694642)
> >    * Urgency high, this is a RC bug
> > 
> > Full debdiff attached.
> > 
> > Regards,
> > Pierre
> > 
> > unblock glpi/0.83.31-2
> > 
> > [...]
> 
> Hi,
> 
> Paul Wise suggested that there are no sources for the affected files[1].
>  If so, they should be removed from the source package[2].
> 


Hi,

I will indeed remove the files from the source. I just did a minimal
diff for the inclusion in testing, to make sure the .swf file is not
included in binary packages, and make the source repackaging stuff in a
second step.

Regards,
Pierre