Hi Xavier, On Sat, Feb 29, 2020 at 09:10:51AM +0100, Xavier Guimard wrote: > Package: release.debian.org > Severity: normal > Tags: buster > User: release.debian....@packages.debian.org > Usertags: pu > > Hi, > > dojo is vulnerable to Cross-site Scripting. This is due to > dojox.xmpp.util.xmlEncode only encoding the first occurrence of each > character, not all of them. > > This upstream patch fixes this issue > > Cheers, > Xavier
> diff --git a/debian/changelog b/debian/changelog > index 14447b52..0e5dc462 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,10 @@ > +dojo (1.15.0+dfsg1-1+deb10u1) buster; urgency=medium > + > + * Team upload > + * Cleanup improper regex usage (Closes: #952771, 2019, 10785) ^^^^^^^^^^^ Did you mean CVE-2019-10785 here? Regards, Salvatore