Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

On Sun, 5 Dec 2010, Moritz Muehlenhoff wrote: Jaldhar, please prepare an yeu upload which updates the security-buggy SWF from from 603513. Sorry it took me long enough but I have just uploaded 2.8.2r1~squeeze-1 which contains updated SWF files. -- Jaldhar H. Vyas -- To UNSUBSCRIBE, ema

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

On Wed, Dec 01, 2010 at 11:23:21PM +0100, Julien Cristau wrote: > tag 591199 squeeze-ignore > kthxbye > > On Wed, Dec 1, 2010 at 23:09:34 +0100, Moritz Muehlenhoff wrote: > > > We should update the SWF files affected through #603513 with their > > versions from YUI 2.8.2 and tag #591199 squeeze

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

tag 591199 squeeze-ignore kthxbye On Wed, Dec 1, 2010 at 23:09:34 +0100, Moritz Muehlenhoff wrote: > We should update the SWF files affected through #603513 with their > versions from YUI 2.8.2 and tag #591199 squeeze-ignore. For Wheezy > we can get the necessary SWF compilers into the archive

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

Jaldhar H. Vyas wrote: > On Mon, 29 Nov 2010, Thomas Goirand wrote: > >> Take care if you do that: there's some reverse dependencies involved! >> I'd rather that you just remove the swf files from the package, and >> create a non-free package for them. There's many cases were you will >> need yui,

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

On Mon, 29 Nov 2010, Thomas Goirand wrote: Take care if you do that: there's some reverse dependencies involved! I'd rather that you just remove the swf files from the package, and create a non-free package for them. There's many cases were you will need yui, but not the attached swf files!!!

Bug#603513: [Pkg-javascript-devel] Bug#603513: yui: multiple xss issues in included swf files

On 11/28/2010 02:26 PM, Jaldhar H. Vyas wrote: > On Wed, 24 Nov 2010, Moritz Muehlenhoff wrote: > >> Jaldhar, what's the status of this security bug? >> > > Sorry for the delayed response, it is the Thanksgiving holiday in the US. > > I worked on the package today. The problem is the that some

Bug#603513: yui: multiple xss issues in included swf files

On Wed, 24 Nov 2010, Moritz Muehlenhoff wrote: Jaldhar, what's the status of this security bug? Sorry for the delayed response, it is the Thanksgiving holiday in the US. I worked on the package today. The problem is the that some of the affected swf files might not be buildable with tools

Bug#603513: yui: multiple xss issues in included swf files

On Sun, Nov 14, 2010 at 03:53:48PM -0500, Michael Gilbert wrote: > Package: yui > Version: 2.5.0-1 > Severity: grave > Tags: security > > Hi, > the following CVE (Common Vulnerabilities & Exposures) ids were > published for yui. > > CVE-2010-4207[0]: > | Cross-site scripting (XSS) vulnerability i

Bug#603513: yui: multiple xss issues in included swf files

Package: yui Version: 2.5.0-1 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for yui. CVE-2010-4207[0]: | Cross-site scripting (XSS) vulnerability in the Flash component | infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla,