Your message dated Sun, 21 Apr 2019 11:02:08 +0000
with message-id <e1hiaea-000161...@fasolo.debian.org>
and subject line Bug#927385: fixed in jquery 3.1.1-2+deb9u1
has caused the Debian Bug report #927385,
regarding jquery: CVE-2019-11358: Prototype Pollution vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
927385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jquery
Version: 3.3.1~dfsg-1
Severity: grave
Tags: patch security upstream fixed-upstream
Justification: user security hole
Control: found -1 3.1.1-2

Hi

A prototype pollution vulnerability (so far no CVE) has been fixed in
jQuery 3.4.0:

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Patches: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
https://snyk.io/vuln/SNYK-JS-JQUERY-174006

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jquery
Source-Version: 3.1.1-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
jquery, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated jquery package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 18 Apr 2019 22:57:29 +0200
Source: jquery
Architecture: source
Version: 3.1.1-2+deb9u1
Distribution: stable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 927385
Changes:
 jquery (3.1.1-2+deb9u1) stretch; urgency=medium
 .
   * Team upload
   * Add patch to prevent Object.prototype pollution
     (Closes: #927385, CVE-2019-11358)
   * Disable check-against-upstream-build test (autopkgtest) since file is now
     patched
Checksums-Sha1: 
 28892912abb88d620a46abc6a10d7052ab238025 2139 jquery_3.1.1-2+deb9u1.dsc
 8da1fb0d17b45c37ca535838541d5181689a4f06 9132 jquery_3.1.1-2+deb9u1.debian.tar.xz
Checksums-Sha256: 
 917e2d072c06547ccc0642181322dace7f820d47e3461d7aa7f8e8bd67c568f8 2139 jquery_3.1.1-2+deb9u1.dsc
 e00067007eae4106309da9682944f1754a4a28200f504cdf9af84398c22b9ab1 9132 jquery_3.1.1-2+deb9u1.debian.tar.xz
Files: 
 2ab5103816eb37e0cc3ebb9568f9f414 2139 web optional jquery_3.1.1-2+deb9u1.dsc
 95cd7aed8ba3ef731d5302b50ef159e0 9132 web optional jquery_3.1.1-2+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel