Package: serendipty
Version: 1.4.1-1
Severity: important
Tags: security

Hi,

Your package embeds the yahoo ui framework, which is vulnerable to the
following security issue:

CVE-2007-2385[0]:
| The Yahoo! UI framework exchanges data using JavaScript Object
| Notation (JSON) without an associated protection scheme, which allows
| remote attackers to obtain the data via a web page that retrieves the
| data through a URL in the SRC attribute of a SCRIPT element and
| captures the data using other JavaScript code, aka "JavaScript
| Hijacking."

Your package may or may not be vulnerable (please check). Even if it is
not currently vulnerable to this issue, it should be updated to make use
of the system libjs-yui library instead of its own embedded copy.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2385
    http://security-tracker.debian.org/tracker/CVE-2007-2385
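
Added example, not part of the original report and not code from YUI or the package: one form the "protection scheme" named in the CVE text can take, with a check that a guarded response no longer compiles when loaded as a script. The guard string, the header name and all function names are assumptions made for this illustration.

```javascript
// Illustration only: every name below is hypothetical, not a YUI or serendipity API.

// Prefix that is a syntax error in JavaScript, so a response pulled in through
// <script src=...> fails to compile instead of evaluating the data.
const GUARD = ")]}',\n";

// Server side: serialise data behind the guard prefix.
function protectJson(data) {
  return GUARD + JSON.stringify(data);
}

// Client side: accept only guarded responses, strip the guard, then parse.
function parseProtectedJson(body) {
  if (!body.startsWith(GUARD)) {
    throw new Error("response is missing the JSON guard prefix");
  }
  return JSON.parse(body.slice(GUARD.length));
}

// Server side: a SCRIPT element cannot attach custom request headers, so
// require a per-session token header before returning any JSON.
function requestIsAuthorised(headers, sessionToken) {
  const sent = headers["x-json-token"]; // hypothetical header name
  if (!sessionToken || typeof sent !== "string") return false;
  if (sent.length !== sessionToken.length) return false;
  let diff = 0; // compare without an early exit on the first mismatch
  for (let i = 0; i < sent.length; i++) {
    diff |= sent.charCodeAt(i) ^ sessionToken.charCodeAt(i);
  }
  return diff === 0;
}

// Check helper: does this response body compile as a script?
function compilesAsScript(body) {
  try {
    new Function(body); // compiles the text only, never runs it
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Constructed sample data, not taken from any real application.
const sample = [{ user: "alice", email: "alice@example.org" }];
const bare = JSON.stringify(sample);
const guarded = protectJson(sample);
console.log("bare compiles:", compilesAsScript(bare), "guarded compiles:", compilesAsScript(guarded));
```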