Your message dated Fri, 02 Aug 2019 13:49:54 +0000
with message-id <[email protected]>
and subject line Bug#928515: fixed in node-bootstrap-tour 0.12.0+dfsg-2
has caused the Debian Bug report #928515,
regarding libjs-bootstrap-tour: Bootstrap sanitize breaks buttons in
bootstrap-tour
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
928515: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928515
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libjs-bootstrap-tour
Version: 0.11.0+dfsg-1
Severity: normal
Tags: patch
Dear Maintainer,
A recent security update to Bootstrap 3 (for CVE-2019-8331) brakes
bootstrap-tour, because the sanitation removes the next/prev buttons
from the popover. A workaround is passing 'sanitize:false' option to popover(),
see attached patch.
-- System Information:
Debian Release: 9.9
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-0.bpo.4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libjs-bootstrap-tour depends on:
ii libjs-bootstrap 3.3.7+dfsg-2+deb9u2
ii libjs-jquery 3.1.1-2+deb9u1
libjs-bootstrap-tour recommends no packages.
libjs-bootstrap-tour suggests no packages.
-- no debconf information
diff -uprN node-bootstrap-tour-0.11.0+dfsg/src/coffee/bootstrap-tour.coffee
node-bootstrap-tour-0.11.0+dfsg-patched/src/coffee/bootstrap-tour.coffee
--- node-bootstrap-tour-0.11.0+dfsg/src/coffee/bootstrap-tour.coffee
2016-08-06 08:05:19.000000000 +0200
+++ node-bootstrap-tour-0.11.0+dfsg-patched/src/coffee/bootstrap-tour.coffee
2019-05-06 15:56:18.083204254 +0200
@@ -518,6 +518,7 @@
title: step.title
content: step.content
html: true
+ sanitize: false
animation: step.animation
container: step.container
template: step.template
--- End Message ---
--- Begin Message ---
Source: node-bootstrap-tour
Source-Version: 0.12.0+dfsg-2
We believe that the bug you reported is fixed in the latest version of
node-bootstrap-tour, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Puydt <[email protected]> (supplier of updated node-bootstrap-tour
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 02 Aug 2019 15:08:05 +0200
Source: node-bootstrap-tour
Architecture: source
Version: 0.12.0+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Julien Puydt <[email protected]>
Closes: 928515
Changes:
node-bootstrap-tour (0.12.0+dfsg-2) unstable; urgency=medium
.
* Point Vcs-* fields to salsa.
* Use my @debian.org mail address.
* Use https for the d/copyright format.
* Add patch from Karsten Koop (Closes: #928515).
* Bump dh compat to 12 and drop d/compat.
* Bump std-ver to 4.4.0.
Checksums-Sha1:
9f37e4f863307237b1778802a6ae49323c52f40d 2159
node-bootstrap-tour_0.12.0+dfsg-2.dsc
a32124edab3a6a911765718d20d09a2dd90d6890 9424
node-bootstrap-tour_0.12.0+dfsg-2.debian.tar.xz
ce57118efee4247188b87edb081b9b5c9275d0a6 7882
node-bootstrap-tour_0.12.0+dfsg-2_source.buildinfo
Checksums-Sha256:
331633bfff90c7af4a0c10993f39f4cf30af7c44661b1d69f01ad06713d829eb 2159
node-bootstrap-tour_0.12.0+dfsg-2.dsc
83def4e5dc1394f7531e378456042275da426d9945a79f56cb50c087d4e8ab60 9424
node-bootstrap-tour_0.12.0+dfsg-2.debian.tar.xz
0dd1849c37b1b221adafa9333a54c16d92467a785c72f598733cd46d9162059f 7882
node-bootstrap-tour_0.12.0+dfsg-2_source.buildinfo
Files:
9805b3bb167a8cc4858404c6fa84a9e5 2159 javascript optional
node-bootstrap-tour_0.12.0+dfsg-2.dsc
e838aefb2be83a8e8e11e13ecbf9a600 9424 javascript optional
node-bootstrap-tour_0.12.0+dfsg-2.debian.tar.xz
4a5f859ac439280f6128b2389b980a4d 7882 javascript optional
node-bootstrap-tour_0.12.0+dfsg-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEgS7v2KP7pKzk3xFLBMU71/4DBVEFAl1ENs8SHGpwdXlkdEBk
ZWJpYW4ub3JnAAoJEATFO9f+AwVR1CcP/ixUjF+cdy5ueW4vluPcqiE9k4b8OPF+
mMsk+3ZZgQ3SocIKKiBCbQYw8DJRthhGtqCkb+9q5X4oH/rtiutp0mvP3FUOBr0M
z1iy/AWmvK2qS6tqmw8/FMX6lZzUKEQBLzp/IPkfmUZkHWfWTca/wEc9O72RYju6
dBHYBLPfdSPFMawwGzgAuXODi+v3UmZRrqIypqRUpd4+vk2WkadIytheH5wEUPja
/NVv3neY+EL0M8BxKUmdjP1BllxG+l+uKQAPR75iY7/61lEAdFGNNted2yVFDaHW
A11GjrjIL1aGECikKTPtflUZ7/qCVKKT+552J7qdQ53Rpg0qlTr8MWZQAIISesGt
1bc6v36c+k5fuV4xb7K5yMEfxVllJv1y5gj5qM5z38+fObzT5GtLdgHbpprFzaWP
oBuIS270oRJ5gpknBXgeRsfiK1BdLzVwq9Ah/jFD6qX2w053Lp5U+pBMId4fE2sq
KFF3gTgMiQDu36w6UX412731mEjza5Yl1AIFT4VuvkNaTZucb5lYCGDs1JEgUHEu
X7lIzcO9sJKZ1rUYjCfzFeC/cXaKP8W8Lb3bQS8f2a3uMIH9LoNNSag+ILw2VP3Z
ZWNeiZDyrS98c5wW68WshhgeKAXHKuRLKFWFw+m77aLMabhot+A2LT/9KPaxGQNm
syWlvVarNME2
=SU6c
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
