Hi Yadd,

On Wed, May 31, 2023 at 03:13:06PM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: jquer...@packages.debian.org
> Control: affects -1 + src:jqueryui
>
> [ Reason ]
> jqueryui is potentially vulnerable to cross-site scripting
> (CVE-2022-31160)
>
> [ Impact ]
> Low security issue
>
> [ Tests ]
> Sadly tests are minimal in this package. Anyway passed
>
> [ Risks ]
> Low risk, patch is trivial
>
> [ Checklist ]
> [X] *all* changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in (old)stable
> [X] the issue is verified as fixed in unstable
>
> [ Changes ]
> Don't accept label outside of the root element
>
> Cheers,
> Yadd
>
> diff --git a/debian/changelog b/debian/changelog > index 3a6a587..9b1e9cc 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,10 @@ > +jqueryui (1.12.1+dfsg-8+deb11u2) bullseye; urgency=medium > + > + * Team upload > + * Checkboxradio: Don't re-evaluate text labels as HTML (Closes: > CVE-2022-31160) > + > + -- Yadd <y...@debian.org> Wed, 31 May 2023 15:08:55 +0400 Minor thing, you could as well close #1015982 with the upload. Regards, Salvatore
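
Review bot: In the debian/changelog hunk, the new entry puts the CVE ID inside "(Closes: CVE-2022-31160)", a field that is parsed for Debian bug numbers, so as written the upload closes no bug report. Put the bug number there instead, for example "(Closes: #1015982)" as the reply suggests, and cite CVE-2022-31160 as plain text in the same entry. The entry's wording ("Don't re-evaluate text labels as HTML") also differs from the [ Changes ] summary in the request ("Don't accept label outside of the root element"); a single description that matches the patch would make the changelog easier to audit.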