[Pkg-javascript-devel] Bug#603513: Bug#603513: yui: multiple xss issues in included swf files
Thomas Goirand
zigo at debian.org
Sun Nov 28 18:00:17 UTC 2010
On 11/28/2010 02:26 PM, Jaldhar H. Vyas wrote:
> On Wed, 24 Nov 2010, Moritz Muehlenhoff wrote:
>
>> Jaldhar, what's the status of this security bug?
>>
>
> Sorry for the delayed response, it is the Thanksgiving holiday in the US.
>
> I worked on the package today. The problem is the that some of the
> affected swf files might not be buildable with tools available in
> Debian. I've put out a call for help but the package may need to be
> removed if no solution can be found.
Take care if you do that: there's some reverse dependencies involved!
I'd rather that you just remove the swf files from the package, and
create a non-free package for them. There's many cases were you will
need yui, but not the attached swf files!!!
Thomas Goirand (zigo)
More information about the Pkg-javascript-devel
mailing list