Your message dated Fri, 25 Jan 2013 11:02:33 +0000
with message-id <[email protected]>
and subject line Bug#694642: fixed in glpi 0.83.31-2
has caused the Debian Bug report #694642,
regarding glpi: embeds vulnerable and apparently useless SWF library
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
694642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694642
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: yui
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see:
http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
Are vulnerable versions in Debian?
Cheers,
luciano
--- End Message ---
--- Begin Message ---
Source: glpi
Source-Version: 0.83.31-2
We believe that the bug you reported is fixed in the latest version of
glpi, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Chifflier <[email protected]> (supplier of updated glpi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 25 Jan 2013 11:37:09 +0100
Source: glpi
Binary: glpi
Architecture: source all
Version: 0.83.31-2
Distribution: unstable
Urgency: high
Maintainer: Pierre Chifflier <[email protected]>
Changed-By: Pierre Chifflier <[email protected]>
Description:
glpi - IT and Asset management software
Closes: 694642
Changes:
glpi (0.83.31-2) unstable; urgency=high
.
* Security fixes:
Replace embedded copy of extjs by Debian package, the embedded one
contains a flash file built with a vulnerable version of yui (charts.swf).
(Closes: #694642)
* Urgency high, this is a RC bug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---