Package: libjs-yui Version: 2.8.1-1 Severity: important As per http://yuilibrary.com/support/2.8.2 : A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. YUI 2.8.2 corrects this problem; patches are also provided here for all affected releases from 2.4.0 through 2.8.1.
The package contains following files that are affected: 59c6e2c9ae7de87f11dd3db3336de8b6 /usr/share/javascript/yui/charts/assets/charts.swf eeb5aa24c17afae286845bedb142da28 /usr/share/javascript/yui/uploader/assets/uploader.swf f619420748b08a2d453c049ef190e2f3 /usr/share/javascript/yui/swfstore/swfstore.swf -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash libjs-yui depends on no packages. Versions of packages libjs-yui recommends: ii javascript-common 7 Base support for javascript librar libjs-yui suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
