Bug#558977: libhtml-prototype-perl: CVE-2007-2383 and CVE-2008-7720

gregor herrmann gregoa at debian.org
Tue Dec 1 15:42:08 UTC 2009


tag 558977 + confirmed
thanks

On Mon, 30 Nov 2009 19:40:11 -0500, Michael Gilbert wrote:

> Your package contains an embedded version of prototype.js that is
> vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1)
> [0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both.
> 
> Your package embeds the following prototype.js versions:
> 
>   sid: 1.4.0
>   lenny: 1.4.0
>   etch: 1.4.0

Took me a bit to find it, since there's no prototype.js file in the
package, but the code is part of lib/HTML/Prototype/Js.pm indeed.
 
Cheers,
gregor
-- 
 .''`.   http://info.comodo.priv.at/ -- GPG Key IDs: 0x00F3CFE4, 0x8649AA06
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/
   `-    NP: Elton John: Song For Guy
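
An added example, not part of the original message or of the package's code: a Python script that finds embedded prototype.js copies by their inline `Version:` declaration instead of by filename, then compares each one with the fixed-in versions quoted in the report. It assumes the embedded copy is unminified and keeps the `Prototype = { Version: '...' }` declaration; the sample module text and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# Unminified Prototype declares its release inline:  var Prototype = { Version: '1.4.0', ...
VERSION_RE = re.compile(
    r"Prototype\s*=\s*\{\s*Version:\s*['\"]([0-9][0-9A-Za-z_.]*)['\"]")

# Fixed-in versions as quoted in the bug report above.
FIXED_IN = {"CVE-2007-2383": "1.5.1", "CVE-2008-7220": "1.6.0.2"}

def version_key(version):
    """Sortable key; a suffix such as '_rc2' sorts before the plain release."""
    nums, release = [], 1
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if m is None or m.end() != len(piece):
            release = 0                      # pre-release or non-numeric part
            if m:
                nums.append(int(m.group()))
            break
        nums.append(int(m.group()))
    return tuple((nums + [0, 0, 0, 0])[:4]) + (release,)

def scan_text(text):
    """Return [(version, [CVEs whose fix it predates])] per embedded copy."""
    findings = []
    for m in VERSION_RE.finditer(text):
        key = version_key(m.group(1))
        cves = sorted(c for c, v in FIXED_IN.items() if key < version_key(v))
        findings.append((m.group(1), cves))
    return findings

def scan_tree(root):
    """Scan every file under root, whatever its name or extension."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample: JavaScript carried inside a Perl module, no .js file.
SAMPLE = """package HTML::Example::Js;  # constructed, not the real module
1;
__DATA__
var Prototype = {
  Version: '1.4.0',
  emptyFunction: function() {}
}
"""

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```
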