Your message dated Thu, 18 Apr 2019 21:04:26 +0000
with message-id <e1hheco-00012b...@fasolo.debian.org>
and subject line Bug#927385: fixed in jquery 3.3.1~dfsg-2
has caused the Debian Bug report #927385,
regarding jquery: Prototype Pollution vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
927385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jquery
Version: 3.3.1~dfsg-1
Severity: grave
Tags: patch security upstream fixed-upstream
Justification: user security hole
Control: found -1 3.1.1-2
Hi
A prototype pollution vulnerability (so far no CVE) has been fixed in
jQuery 3.4.0:
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Patches: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: jquery
Source-Version: 3.3.1~dfsg-2
We believe that the bug you reported is fixed in the latest version of
jquery, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated jquery package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Thu, 18 Apr 2019 22:34:14 +0200
Source: jquery
Architecture: source
Version: 3.3.1~dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 927385
Changes:
jquery (3.3.1~dfsg-2) unstable; urgency=medium
.
* Team upload
* Add patch to prevent Object.prototype pollution (Closes: #927385)
* Upgrade links to https
--- End Message ---