Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-12-09 Thread Jaldhar H. Vyas
On Sun, 5 Dec 2010, Moritz Muehlenhoff wrote: Jaldhar, please prepare an yeu upload which updates the security-buggy SWF from from 603513. Sorry it took me long enough but I have just uploaded 2.8.2r1~squeeze-1 which contains updated SWF files. -- Jaldhar H. Vyas -- To UNSUBSCRIBE, ema

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-12-05 Thread Moritz Muehlenhoff
On Wed, Dec 01, 2010 at 11:23:21PM +0100, Julien Cristau wrote: > tag 591199 squeeze-ignore > kthxbye > > On Wed, Dec 1, 2010 at 23:09:34 +0100, Moritz Muehlenhoff wrote: > > > We should update the SWF files affected through #603513 with their > > versions from YUI 2.8.2 and tag #591199 squeeze

Processed: Re: Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-12-01 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tag 591199 squeeze-ignore Bug #591199 [src:yui] yui: does not build swf files from source Bug #591383 [src:yui] libjs-yui: does not build .swf files from source Added tag(s) squeeze-ignore. Added tag(s) squeeze-ignore. > kthxbye Stopping processin

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-12-01 Thread Julien Cristau
tag 591199 squeeze-ignore kthxbye On Wed, Dec 1, 2010 at 23:09:34 +0100, Moritz Muehlenhoff wrote: > We should update the SWF files affected through #603513 with their > versions from YUI 2.8.2 and tag #591199 squeeze-ignore. For Wheezy > we can get the necessary SWF compilers into the archive

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-12-01 Thread Moritz Muehlenhoff
Jaldhar H. Vyas wrote: > On Mon, 29 Nov 2010, Thomas Goirand wrote: > >> Take care if you do that: there's some reverse dependencies involved! >> I'd rather that you just remove the swf files from the package, and >> create a non-free package for them. There's many cases were you will >> need yui,

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-11-28 Thread Jaldhar H. Vyas
On Mon, 29 Nov 2010, Thomas Goirand wrote: Take care if you do that: there's some reverse dependencies involved! I'd rather that you just remove the swf files from the package, and create a non-free package for them. There's many cases were you will need yui, but not the attached swf files!!!

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

2010-11-28 Thread Thomas Goirand
On 11/28/2010 02:26 PM, Jaldhar H. Vyas wrote: > On Wed, 24 Nov 2010, Moritz Muehlenhoff wrote: > >> Jaldhar, what's the status of this security bug? >> > > Sorry for the delayed response, it is the Thanksgiving holiday in the US. > > I worked on the package today. The problem is the that some