Hi Xavier,

On Sat, Feb 29, 2020 at 09:10:51AM +0100, Xavier Guimard wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian....@packages.debian.org
> Usertags: pu
> 
> Hi,
> 
> dojo is vulnerable to Cross-site Scripting. This is due to
> dojox.xmpp.util.xmlEncode only encoding the first occurrence of each
> character, not all of them.
> 
> This upstream patch fixes this issue.
> 
> Cheers,
> Xavier

> diff --git a/debian/changelog b/debian/changelog
> index 14447b52..0e5dc462 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +dojo (1.15.0+dfsg1-1+deb10u1) buster; urgency=medium
> +
> +  * Team upload
> +  * Cleanup improper regex usage (Closes: #952771, 2019, 10785)
                                                      ^^^^^^^^^^^
Did you mean CVE-2019-10785 here?
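
Review bot: in the added `Closes:` line of debian/changelog, `2019, 10785` sits inside the bug list after #952771, so it reads as two more bug numbers rather than as a CVE id. Write the entry as `* Cleanup improper regex usage (Closes: #952771, CVE-2019-10785)`, and name the affected function, dojox.xmpp.util.xmlEncode, so the changelog says what the XSS fix covers.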

Regards,
Salvatore
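
The failure mode described in the quoted report, as an added JavaScript example (not code from this thread or from Dojo; the function names and the sample string are constructed for illustration): a string-pattern `replace` encodes only the first match of each character, while global regexes encode every occurrence.

```javascript
// Illustrative reconstruction of the bug class, not Dojo's source.
// With a string pattern, String.prototype.replace substitutes only the
// first match, so later occurrences pass through unencoded.
function xmlEncodeFirstOnly(str) {
  return str
    .replace("&", "&amp;")
    .replace(">", "&gt;")
    .replace("<", "&lt;")
    .replace("'", "&apos;")
    .replace('"', "&quot;");
}

// Hardened form: global regexes replace every occurrence. "&" goes first
// so the entities produced by the later steps are not encoded twice.
function xmlEncodeAll(str) {
  return str
    .replace(/&/g, "&amp;")
    .replace(/>/g, "&gt;")
    .replace(/</g, "&lt;")
    .replace(/'/g, "&apos;")
    .replace(/"/g, "&quot;");
}

// Regression check: list every XML metacharacter left raw in encoder output.
// An "&" counts as raw unless it starts one of the five entities used above.
function rawMetachars(encoded) {
  return encoded.match(/[<>'"]|&(?!(?:amp|lt|gt|apos|quot);)/g) || [];
}

// Constructed sample input: each metacharacter except "'" appears twice or more.
const sample = `<b>Tom & "Jerry's" <i>R&D</i></b>`;

console.log("first-only:", xmlEncodeFirstOnly(sample));
console.log("  raw left:", rawMetachars(xmlEncodeFirstOnly(sample)).join(" "));
console.log("global    :", xmlEncodeAll(sample));
console.log("  raw left:", rawMetachars(xmlEncodeAll(sample)).length);
```

A check like `rawMetachars` can serve as a regression test for any encoder of this kind, run over inputs that repeat each metacharacter.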
