affects 692434 + icinga-web glpi thanks
Hi, The yui packages in Debian only include the following files: /usr/share/doc/libjs-yui-doc/examples/storage/swfstore.swf.gz /usr/share/doc/libjs-yui-doc/examples/swfstore/swfstore.swf.gz /usr/share/doc/libjs-yui-doc/examples/uploader/assets/uploader.swf.gz Since these are example files, we might just remove them. I'm not sure how to build those files, and the list of md5sums in the yuilibrary page suggests that it's not expected that users build those. The build process of yui deletes the distributed swf files, and generates them again. But it doesn't rebuild the "charts.swf" file. Not generating the charts.swf file is a real security issue, since this file is bundled in other packages (icinga-web and glpi), which include the swf listed as version 2.8.2. It would be a really good idea to build charts.swf from source, but I'm not sure how to do it. Thanks, -- "Programs must be written for people to read, and only incidentally for machines to execute." -― Hal Abelson, "Structure and Interpretation of Computer Programs" Saludos /\/\ /\ >< `/
signature.asc
Description: Digital signature
