Your message dated Thu, 26 Mar 2020 10:55:34 +0000
with message-id <[email protected]>
and subject line Bug#943560: fixed in node-knockout 3.4.2-3
has caused the Debian Bug report #943560,
regarding node-knockout: CVE-2019-14862
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
943560: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943560
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-knockout
Version: 3.4.2-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for node-knockout.

CVE-2019-14862[0]:
|Cross-site Scripting (XSS) attacks due to not escaping the name
|attribute.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14862
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14862
[1] https://github.com/knockout/knockout/issues/1244

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-knockout
Source-Version: 3.4.2-3
Done: Xavier Guimard <[email protected]>

We believe that the bug you reported is fixed in the latest version of
node-knockout, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <[email protected]> (supplier of updated node-knockout package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Mar 2020 11:12:29 +0100
Source: node-knockout
Architecture: source
Version: 3.4.2-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <[email protected]>
Changed-By: Xavier Guimard <[email protected]>
Closes: 943560
Changes:
 node-knockout (3.4.2-3) unstable; urgency=medium
 .
   * Team upload
 .
   [ Debian Janitor ]
   * Set debhelper-compat version in Build-Depends.
   * Set upstream metadata fields: Bug-Submit.
   * Remove obsolete fields Contact, Name from debian/upstream/metadata
     (already present in machine-readable debian/copyright).
   * Update standards version to 4.4.1, no changes needed.
 .
   [ Xavier Guimard ]
   * Declare compliance with policy 4.5.0
   * Add "Rules-Requires-Root: no"
   * Add debian/gbp.conf
   * Update lintian overrides
   * Use pkg-js-tools auto install
   * Don't launch test during build step
   * Enable upstream test during autopkgtest
   * Fix bad escaping for old MSIE (Closes: #943560, CVE-2019-14862)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
