On Thu, Jan 01, 1970 at 12:00:00AM +0000, Niko Tyni wrote:
> On Wed, Nov 04, 2009 at 10:08:37PM -0500, Michael Gilbert wrote:
> > see [0] for a link to a patch for the 2007 issue. see [1] for info and a
> > link to a 1.5 version with the backported fix for the 2008 issue.
> >
> > [0] http://dev.rubyonrails.org/ticket/7910
> > [1] http://prototypejs.org/2008/1/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security

Thanks Michael.

Given that the smokeping versions in Debian don't use JSON at all and definitely don't have a server side component that sends it, I don't see any attack vector for these vulnerabilities. Am I missing something?

(Smokeping is only using prototype.js through the scriptaculous library, which gets used through cropper, which is a client-side image cropper UI.)

--
Niko Tyni nt...@debian.org