[Pkg-javascript-devel] Bug#603513: Bug#603513: yui: multiple xss issues in included swf files

Thomas Goirand zigo at debian.org
Sun Nov 28 18:00:17 UTC 2010


On 11/28/2010 02:26 PM, Jaldhar H. Vyas wrote:
> On Wed, 24 Nov 2010, Moritz Muehlenhoff wrote:
> 
>> Jaldhar, what's the status of this security bug?
>>
> 
> Sorry for the delayed response, it is the Thanksgiving holiday in the US.
> 
> I worked on the package today.  The problem is the that some of the
> affected swf files might not be buildable with tools available in
> Debian. I've put out a call for help but the package may need to be
> removed if no solution can be found.

Take care if you do that: there's some reverse dependencies involved!
I'd rather that you just remove the swf files from the package, and
create a non-free package for them. There's many cases were you will
need yui, but not the attached swf files!!!

Thomas Goirand (zigo)





More information about the Pkg-javascript-devel mailing list