tag 558977 + confirmed thanks On Mon, 30 Nov 2009 19:40:11 -0500, Michael Gilbert wrote:
> Your package contains an embedded version of prototype.js that is > vulnerable to either CVE-2007-2383 (affecting prototype.js before 1.5.1) > [0], CVE-2008-7220 (affecting prototype.js before 1.6.0.2) [1], or both. > > Your package embeds the following prototype.js versions: > > sid: 1.4.0 > lenny: 1.4.0 > etch: 1.4.0 Took me a bit to find it, since there's no prototype.js file in the package, but the code is part of lib/HTML/Prototype/Js.pm indeed. Cheers, gregor -- .''`. http://info.comodo.priv.at/ -- GPG Key IDs: 0x00F3CFE4, 0x8649AA06 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/ `. `' Member of VIBE!AT, SPI Inc., fellow of FSFE | http://got.to/quote/ `- NP: Elton John: Song For Guy
signature.asc
Description: Digital signature
