[DRE-maint] Bug#555263: activeldap: CVE-2007-2383 and CVE-2008-7720 prototypejs vulnerabilities
Marc Dequènes (Duck)
duck at duckcorp.org
Thu Nov 12 19:01:23 UTC 2009
Coin,
Quoting Michael Gilbert <michael.s.gilbert at gmail.com>:
> Your package embeds the following prototype.js versions:
>
> sid: 1.6.0.3 (not affected)
> lenny: 1.6.0.1
> etch: N/A
You're right, libactiveldap-ruby-doc has a prototype.js file included.
Happily, it is not part of the software itself, but of one of the
examples, provided in the
/usr/share/doc/libactiveldap-ruby-doc/examples/al-admin.tgz tarball.
As it is only an example, and not directly usable, I guess the
severity of this bug could be lowered a bit. I guess I should have a
look at the other potentially embedded libraries, like the Spinelz
one, which is just discovered, as it could have the same sort of
problems.
I plan to have a look at this problem in a few days, when back from my
holidays.
Thanks for the report.
--
Marc Dequènes (Duck)