Your message dated Sat, 03 May 2025 02:49:56 +0000
with message-id <[email protected]>
and subject line Bug#1104134: fixed in kalkun 0.8.3.2-1
has caused the Debian Bug report #1104134,
regarding CVE-2025-3573
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1104134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: kalkun
Version: 0.8.3.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for kalkun

CVE-2025-3573[0]:
| Versions of the package jquery-validation before 1.20.0 are
| vulnerable to Cross-site Scripting (XSS) in the showLabel()
| function, which may take input from a user-controlled placeholder
| value. This value will populate a message via $.validator.messages
| in a user localizable dictionary.

civicrm includes embedded jquery-validation.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3573
    https://www.cve.org/CVERecord?id=CVE-2025-3573
[1] https://github.com/jquery-validation/jquery-validation/pull/2462
[2] https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



--- End Message ---
--- Begin Message ---
Source: kalkun
Source-Version: 0.8.3.2-1
Done: Fab Stz <[email protected]>

We believe that the bug you reported is fixed in the latest version of
kalkun, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fab Stz <[email protected]> (supplier of updated kalkun package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Fri, 02 May 2025 14:51:00 +0200
Source: kalkun
Architecture: source
Version: 0.8.3.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: Fab Stz <[email protected]>
Closes: 1104134
Changes:
 kalkun (0.8.3.2-1) unstable; urgency=medium
 .
   * New upstream version 0.8.3.2 (Closes: #1104134) (CVE-2025-3573)
   * Enable Salsa CI using default template
   * fix FSF address in copyright file
   * remove d/missing-sources/media/js/jquery-plugin/jquery.emoticons.js
   * update jquery.validate.js to 1.21.0 in d/missing-sources



--- End Message ---