[Secure-testing-team] prototypejs, scriptaculous embedded in libhtml-prototype-perl
Ansgar Burchardt
ansgar at 43-1.org
Mon Nov 30 08:14:29 UTC 2009
Hi,

please add the following information to the list of embedded code
copies:

prototypejs
	- libhtml-prototype-perl <unfixed> (embed; bug #538920)

scriptaculous
	- libhtml-prototype-perl <unfixed> (embed; bug #538920)

Note that the JavaScript libraries are included in the Perl module
sources, so they are easy to miss. They are also quite outdated:
the included prototype version is 1.4.0, the script.aculo.us library
has a copyright year of 2005 (I did not see a version number).

I suspect the included versions might also be affected by some recent
security issues? At least CVE-2007-2383, CVE-2008-7220 look
suspicious.

Regards,
Ansgar
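
The following is an added example, not part of the original message or of the package: a scanner that looks for Prototype and script.aculo.us copies inside files of any extension, which is how a copy embedded in Perl module sources can be found. The signature patterns are assumptions based on the comment headers the upstream libraries ship with, and the sample module (`Example::Embedded`) is constructed.

```python
import os
import re

# Assumed signatures: the comment headers of the upstream libraries.
# A stripped or minified copy would need additional patterns.
SIGNATURES = {
    "prototypejs": re.compile(
        r"Prototype JavaScript framework, version (\d+(?:\.\d+)+\w*)"),
    "scriptaculous": re.compile(
        r"Copyright \(c\) (\d{4})[^\n]*script\.aculo\.us"),
}

def scan_text(text):
    """Return sorted (library, version-or-copyright-year) pairs found in text."""
    hits = set()
    for name, pattern in SIGNATURES.items():
        for match in pattern.finditer(text):
            hits.add((name, match.group(1)))
    return sorted(hits)

def scan_tree(root):
    """Scan every regular file under root, whatever its extension."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if not os.path.isfile(path):
                continue
            # latin-1 decodes any byte sequence, so binary files do not abort the scan
            with open(path, encoding="latin-1") as handle:
                hits = scan_text(handle.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

# Constructed sample: a Perl module carrying JavaScript after __DATA__.
SAMPLE_PM = """package Example::Embedded;
use strict;
1;
__DATA__
/*  Prototype JavaScript framework, version 1.4.0
 *  (c) 2005 Sam Stephenson
 */
var Prototype = { Version: '1.4.0' };
// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us)
var Effect = {};
"""

if __name__ == "__main__":
    print(scan_text(SAMPLE_PM))
```

Running `scan_tree` over an unpacked source tree lists each file that carries a copy, which gives the package and library pairs needed for an embedded-code-copies entry.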