[Secure-testing-commits] r13242 - data
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Nov 9 03:13:14 UTC 2009
Author: gilbert-guest
Date: 2009-11-09 03:13:14 +0000 (Mon, 09 Nov 2009)
New Revision: 13242
Modified:
data/embedded-code-copies
Log:
bugs for prototypejs (more to do: scriptaculous, lucene, horde3, but i'm tired; will get to it in the next few days)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-11-09 02:51:03 UTC (rev 13241)
+++ data/embedded-code-copies 2009-11-09 03:13:14 UTC (rev 13242)
@@ -643,63 +643,43 @@
prototypejs
- netbeans-ide 6.0.1+dfsg-2 (embed)
- - auth2db <unfixed> (embed)
- - webcit <unfixed> (embed)
+ - auth2db <unfixed> (embed; bug #555218)
+ - webcit <unfixed> (embed; bug #555219)
- asterisk 1:1.6.2.0~rc3-1 (embed)
- - doc-iana <unfixed> (embed)
- - libaws <unfixed> (embed)
- - libjson-ruby <unfixed> (embed)
- - lucene2 <unfixed> (embed)
- - solr <unfixed> (embed)
- - glpi <unfixed> (embed)
- - mnemo2 <unfixed> (embed)
- - nag2 <unfixed> (embed)
- - knowledgeroot <unfixed> (embed)
- - mediatomb <unfixed> (embed)
+ - libjson-ruby <unfixed> (embed; bug #555224)
+ - lucene2 <unfixed> (embed; bug #555226)
+ - horde3 <unfixed> (embed)
+ - knowledgeroot <unfixed> (embed; bug #555230)
+ - mediatomb <unfixed> (embed; bug #555233)
- mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
- - op-panel <unfixed> (embed)
- - ebug-http <unfixed> (embed)
+ - ebug-http <unfixed> (embed; bug #555236)
- phpgedview <removed> (embed)
- - poker-network <unfixed> (embed)
- - webhelpers <unfixed> (embed)
- - qwik <unfixed> (embed)
+ - poker-network <unfixed> (embed; bug #555238)
- rails 2.1.0-6 (embed)
- - typo3-src <unfixed> (embed)
- - wordpress 2.5.0-2 (embed)
- - zope <unfixed> (embed)
- - smokeping 2.3.6-3 (embed)
+ - wordpress 2.5.0-2 (embed; bug #555243)
+ - zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
+ TODO: search through all of the other zope packages
- ampache 3.4.1-2 (embed)
- - exaile <unfixed> (embed)
- - hobix <unfixed> (embed)
- - pixelpost <unfixed> (embed)
- - symfony <unfixed> (embed)
- NOTE: it's been said that there are custom changes
- - zabbix <unfixed> (embed)
- - turba2 <unfixed> (embed)
- - chora2 <unfixed> (embed)
- - gollem <unfixed> (embed)
- - jscropperui <unfixed> (embed)
- - rt-extension-emailcompletion <unfixed> (embed)
- - scriptaculous <unfixed> (embed)
- - ingo1 <unfixed> (embed)
- - kronolith2 <unfixed> (embed)
- - libpdfbox-java <unfixed> (embed)
+ - exaile <unfixed> (embed; bug #555245)
+ - hobix <unfixed> (embed; bug #555247)
+ - zabbix <unfixed> (embed; bug #555250)
+ - chora2 <unfixed> (embed; bug #555253)
+ - gollem <unfixed> (embed; bug # 555254)
+ - jscropperui <unfixed> (embed; bug #555257)
+ - scriptaculous <unfixed> (embed; bug #555260)
+ - ingo1 <unfixed> (embed; bug #555261)
+ - kronolith2 <unfixed> (embed; bug #555262)
- activeldap <unfixed> (embed)
- - libfontbox-java <unfixed> (embed)
- - libjempbox-java <unfixed> (embed)
- - libv8 <unfixed> (embed)
- - mantis <unfixed> (embed)
- - otrs2 <unfixed> (embed)
- - webcalendar <unfixed> (embed)
- - redmine <unfixed> (embed)
- - jifty <unfixed> (embed)
- - jquery <unfixed> (embed)
- - passenger <unfixed> (embed)
- - plone3 <unfixed> (embed)
- - pylucene <unfixed> (embed)
- - request-tracker3.6 <unfixed> (embed)
- - request-tracker3.8 <unfixed> (embed)
- - wesnoth <unfixed> (embed)
+ - libv8 <not-affected> (contains a google-specific implementation of prototype.js)
+ - mantis <unfixed> (embed; bug #555265)
+ - otrs2 <unfixed> (embed; bug #555267)
+ - webcalendar <unfixed> (embed; bug #555269)
+ - redmine 0.9.0~svn2907-1 (embed; bug #555270)
+ - jifty <unfixed> (embed; bug #555271)
+ - jquery <unfixed> (embed; bug #555272)
+ - passenger <unfixed> (embed; bug #555273)
+ - plone3 <unfixed> (embed; bug #555275)
+ - wesnoth <unfixed> (embed; bug #555277)
- xulrunner <unfixed> (embed)
NOTE: included in iceweasel/xulrunner unit tests directory, so may not be security-relevant
@@ -775,22 +755,21 @@
- glpi <unfixed> (embed)
- moodle <unfixed> (embed; bug #505984)
-scriptaculous
+scriptaculous (prototype.js is among the embeds in the following)
- glpi <unfixed> (embed)
- - libaws <unfixed> (embed)
- NOTE: libaws-doc
+ - libaws <unfixed> (embed; bug #555222)
- op-panel <unfixed> (embed)
- symfony <unfixed> (embed)
NOTE: maintainer says there are extra incompatible changes required
- pixelpost <unfixed> (embed)
- webhelpers <unfixed> (embed)
- NOTE: python-webhelpers
- - qwik <unfixed> (embed)
+ - qwik <unfixed> (embed; bug #555241)
- smokeping <unfixed> (embed)
- turba2 <unfixed> (embed)
- typo3-src 4.2.3-1 (embed)
- request-tracker3.6 <unfixed> (embed)
- request-tracker3.8 <unfixed> (embed)
+ - rt-extension-emailcompletion <unfixed> (embed)
libmarkdown-php
- moodle <unfixed> (embed; bug #507185)
@@ -915,9 +894,7 @@
- zope-textindexng3 <unknown> (embed)
- iceweasel <unknown> (embed)
- xulrunner <unknown> (embed)
- - wireshark <not-affected> (embed)
- NOTE: python-ply modules are not installed into binary packages
- NOTE: see #554613
+ - wireshark <not-affected> (python-ply modules are not installed into binary packages; see #554613)
libdumbnet (libdnet upstream)
- nmap <unfixed> (fork)
@@ -1095,8 +1072,7 @@
- iceweasel <unknown> (embed)
- sabnzbdplus <unknown> (embed)
- xulrunner <unknown> (embed)
- - nipy <not-affected> (embed) [./examples/neurospin/neurospy/configobj.py]
- NOTE: part of an example, which is not installed into binary packages
+ - nipy <not-affected> (part of an example [/examples/neurospin/neurospy/configobj.py], which is not installed into binary packages)
python-clientform
- bibus <unfixed> (embed)
@@ -1277,7 +1253,7 @@
NOTE: be dangerous if developers are naively basing their code off of the examples
NOTE: prototype.js is among the example files
-lucene2
+lucene2 (prototype.js is among the embeds in the following)
- lucene <unfixed> (old-version)
- pylucene <unfixed> (embed)
- libpdfbox-java <unfixed> (embed)
@@ -1346,3 +1322,7 @@
- convirt <unfixed> (embed)
- pida <unfixed> (embed)
- rednotebook <unfixed> (embed)
+
+horde3 (prototype.js is among the embeds in the following)
+ - mnemo2 <unfixed> (embed)
+ - nag2 <unfixed> (embed)
More information about the Secure-testing-commits
mailing list