Bug#692434: yui: diff for NMU version 2.9.0-1.1

Sat, 02 Feb 2013 08:42:19 -0800 

tags 692434 + patch
tags 692434 + pending
thanks

Dear maintainer,

I've prepared an NMU for yui (versioned as 2.9.0-1.1) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer or cancel it.

Regards,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

diff -Nru yui-2.9.0/debian/changelog yui-2.9.0/debian/changelog
--- yui-2.9.0/debian/changelog	2012-06-29 20:47:34.000000000 +0100
+++ yui-2.9.0/debian/changelog	2013-02-02 16:30:55.000000000 +0000
@@ -1,3 +1,11 @@
+yui (2.9.0-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Disable installation of uploader.swf and swfstore.swf as examples
+    owing to unfixed security issues (Closes: #692434)
+
+ -- Dominic Hargreaves <d...@earth.li>  Sat, 02 Feb 2013 16:30:52 +0000
+
 yui (2.9.0-1) unstable; urgency=low
 
   * New upstream version.
diff -Nru yui-2.9.0/debian/rules yui-2.9.0/debian/rules
--- yui-2.9.0/debian/rules	2012-06-29 22:09:11.000000000 +0100
+++ yui-2.9.0/debian/rules	2013-02-02 16:30:01.000000000 +0000
@@ -20,16 +20,19 @@
 	as3compile com/yui/util/connection.as -M connection -R -o connection.swf && \
 	mv connection.swf ../../../build/connection
 
-	cd src/uploader/as && \
-	as3compile Uploader.as -M Uploader -R -o uploader.swf && \
-	cp uploader.swf ../../../examples/uploader/assets && \
-	mv uploader.swf ../../../build/uploader/assets
+	# Disable installation of uploader.swf and swfstore.swf due to
+	# known security issues without published source code fixes
+	# (CVE-2012-5882 and CVE-2012-5883 respectively)
+	#cd src/uploader/as && \
+	#as3compile Uploader.as -M Uploader -R -o uploader.swf && \
+	#cp uploader.swf ../../../examples/uploader/assets && \
+	#mv uploader.swf ../../../build/uploader/assets
           
-	cd src/swfstore/as && \
-	as3compile SWFStore.as -M SWFStore -R -o swfstore.swf && \
-	cp  swfstore.swf ../../../examples/storage && \
-	cp  swfstore.swf ../../../examples/swfstore && \
-	mv swfstore.swf ../../../build/swfstore
+	#cd src/swfstore/as && \
+	#as3compile SWFStore.as -M SWFStore -R -o swfstore.swf && \
+	#cp  swfstore.swf ../../../examples/storage && \
+	#cp  swfstore.swf ../../../examples/swfstore && \
+	#mv swfstore.swf ../../../build/swfstore
 
 override_dh_clean:
 	-rm -rf as-docs/Charts.html as-docs/com/yahoo/astra/fl/charts \

Reply via email to