Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package glpi This fixes a security issue, and should allow glpi not to be removed from wheezy. Changelog: glpi (0.83.31-2) unstable; urgency=high . * Security fixes: Replace embedded copy of extjs by Debian package, the embedded one contains a flash file built with a vulnerable version of yui (charts.swf). (Closes: #694642) * Urgency high, this is a RC bug Full debdiff attached. Regards, Pierre unblock glpi/0.83.31-2 -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32.55.pollux-grsec (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru glpi-0.83.31/debian/changelog glpi-0.83.31/debian/changelog --- glpi-0.83.31/debian/changelog 2012-07-22 21:47:52.000000000 +0200 +++ glpi-0.83.31/debian/changelog 2013-01-25 11:37:11.000000000 +0100 @@ -1,3 +1,13 @@ +glpi (0.83.31-2) unstable; urgency=high + + * Security fixes: + Replace embedded copy of extjs by Debian package, the embedded one + contains a flash file built with a vulnerable version of yui (charts.swf). + (Closes: #694642) + * Urgency high, this is a RC bug + + -- Pierre Chifflier <pol...@debian.org> Fri, 25 Jan 2013 11:37:09 +0100 + glpi (0.83.31-1) unstable; urgency=medium * Imported Upstream version 0.83.31 diff -Nru glpi-0.83.31/debian/control glpi-0.83.31/debian/control --- glpi-0.83.31/debian/control 2012-03-10 11:37:14.000000000 +0100 +++ glpi-0.83.31/debian/control 2013-01-25 11:32:56.000000000 +0100 @@ -15,6 +15,7 @@ ttf-freefont, tinymce, libphp-phpmailer, + libjs-extjs, ${misc:Depends} Description: IT and Asset management software GLPI stands for "Gestionnaire libre de parc informatique", diff -Nru glpi-0.83.31/debian/rules glpi-0.83.31/debian/rules --- glpi-0.83.31/debian/rules 2012-04-28 16:58:14.000000000 +0200 +++ glpi-0.83.31/debian/rules 2013-01-25 11:34:15.000000000 +0100 @@ -67,6 +67,8 @@ rm -rf $(DESTDIR)/usr/share/glpi/lib/phpcas rm -rf $(DESTDIR)/usr/share/glpi/lib/tiny_mce rm -rf $(DESTDIR)/usr/share/glpi/lib/phpmailer + rm -rf $(DESTDIR)/usr/share/glpi/lib/extjs; \ + ln -s /usr/share/javascript/extjs $(DESTDIR)/usr/share/glpi/lib/extjs build-arch: build build-indep: build