-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Le 23/09/2014 08:04, Craig Small a écrit : > On Tue, Sep 23, 2014 at 12:55:54AM -0400, David Prévot wrote: >> > Tags: security > Why is it a security issue? I see no security issue. For example, I just prepared a php-getid3 update yesterday to include a better fix to CVE-2014-2053, and intend to push it into stable. That is because of the security fix that I noticed the embedded code copy. Embedded code copies do have a security impact, generally speaking, and in this case, it’s a practical one. > I'm really not inclined to play find the embedded js that is almost > but not quite the same as shipped in Debian game. Feel free to play the clone and severity game to acknowledge the sourceless and unbuildable Flash and Silverlight stuff pointed in the initial message anyway. Regards David -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJUIa9FAAoJEAWMHPlE9r08ThoH/Ah8EwX3F6MsDHl6NMLBak1t fpSaTMY/OJ37D2XaAhuYtOTx13nPZURKyWn1TLILM3/akHyT1uP+xhyd9s5Ppy5P mAk3RmkxVlEy1OdKBCS1oAZEWHfD7A6zHeUyiv1c03XCDHGjY5zVlYYxOKGaTwdU 24zP4s1/D+3HTksskKYpl/JfQ7rur+db0Dd7imYEIG5WEdPTWeTQQLP1MdntpLc3 pRQXTUHMb2fI2i1gaXP1a18VKjxTpuGEY38GVMEr8jno6NnTswHuXke+DKe08W3e NNZJZheR2vE59D4GKvXZICES1RROYAoMMwNxaq6P0G/YLgIxiP0XFGy9Z6DgC6c= =IPpk -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
