+++ This bug was initially created as a clone of Bug #284874 +++ CVE-2008-7220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7220): Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. rabbit has version 1.4.0 in lib/rabbit/div/prototype.js
I've just removed rabbit 0.5.2 from the tree since it is an old version. Unfortunately the more recent rabbit 0.6.1 also includes a copy of prototype 1.4.0.
app-office/rabbit-0.6.3 has a copy of Prototype 1.6.0.3. I've removed rabbit-0.6.1, so I believe we can close this bug.
The package actually was never stable. → Closing noglsa. Thanks.