Control: tags -1 moreinfo On 2013-01-25 11:51, Pierre Chifflier wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package glpi > > This fixes a security issue, and should allow glpi not to be removed > from wheezy. > > Changelog: > glpi (0.83.31-2) unstable; urgency=high > . > * Security fixes: > Replace embedded copy of extjs by Debian package, the embedded one > contains a flash file built with a vulnerable version of yui > (charts.swf). > (Closes: #694642) > * Urgency high, this is a RC bug > > Full debdiff attached. > > Regards, > Pierre > > unblock glpi/0.83.31-2 > > [...]
Hi, Paul Wise suggested that there are no sources for the affected files[1]. If so, they should be removed from the source package[2]. ~Niels [1] https://lists.debian.org/debian-release/2013/01/msg00951.html [2] http://www.debian.org/social_contract DFSG ยง2 """ The program must include source code, [...]. """ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
