Your message dated Sat, 29 Feb 2020 07:34:54 +0000 with message-id <e1j7wee-000ipf...@fasolo.debian.org> and subject line Bug#952771: fixed in dojo 1.15.2+dfsg1-1 has caused the Debian Bug report #952771, regarding dojo: CVE-2019-10785 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 952771: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952771 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: dojo Version: 1.15.0+dfsg1-1 Severity: important Tags: security upstream Control: found -1 1.14.2+dfsg1-1 Hi, The following vulnerability was published for dojo. CVE-2019-10785[0]: | dojox is vulnerable to Cross-site Scripting in all versions before | version 1.16.1, 1.15.2, 1.14.5, 1.13.6, 1.12.7 and 1.11.9. This is due | to dojox.xmpp.util.xmlEncode only encoding the first occurrence of | each character, not all of them. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10785 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10785 [1] https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr [2] https://snyk.io/vuln/SNYK-JS-DOJOX-548257 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: dojo Source-Version: 1.15.2+dfsg1-1 Done: Xavier Guimard <y...@debian.org> We believe that the bug you reported is fixed in the latest version of dojo, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 952...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Xavier Guimard <y...@debian.org> (supplier of updated dojo package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Feb 2020 08:17:40 +0100 Source: dojo Architecture: source Version: 1.15.2+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Xavier Guimard <y...@debian.org> Closes: 952771 Changes: dojo (1.15.2+dfsg1-1) unstable; urgency=medium . * Team upload . [ Debian Janitor ] * Update standards version to 4.4.1, no changes needed. * debian/copyright: use spaces rather than tabs to start continuation lines. * Fix day-of-week for changelog entries 1.3.2+dfsg-1. . [ Xavier Guimard ] * Declare compliance with policy 4.5.0 * Add debian/gbp.conf * Add upstream/metadata * New upstream version 1.15.2+dfsg1 (Closes: #952771, CVE-2019-10785) * Update lintian overrides Checksums-Sha1: 759df8d54aaf0a7ed583c7262f7e2fdc53852d86 2385 dojo_1.15.2+dfsg1-1.dsc 2b0d676dcadebaf069bedce9404c2cc577d07f9f 30314740 dojo_1.15.2+dfsg1.orig.tar.xz 91f451c423d779e59b2e4ce726b0db2a9bc1eabc 15256 dojo_1.15.2+dfsg1-1.debian.tar.xz Checksums-Sha256: 790e67a3044c9f4045d107aa88e7d5b9789d8f32da545a9b73184a37b303a71b 2385 dojo_1.15.2+dfsg1-1.dsc 9af21c31590815ebb14bb6a58cde17841c0c5ac391fb0af4530d85431c615500 30314740 dojo_1.15.2+dfsg1.orig.tar.xz 5acd883095aa2dc9091d4b6e22e965ee1b2901c8b8f112944ab7285f087361a8 15256 dojo_1.15.2+dfsg1-1.debian.tar.xz Files: 4a63dc40c4d99d1d263fd547e979d151 2385 javascript optional dojo_1.15.2+dfsg1-1.dsc 7f35fc74fdce6055774b45521ec765a2 30314740 javascript optional dojo_1.15.2+dfsg1.orig.tar.xz 4d7eeac54b4fe6060f0b4fb708022157 15256 javascript optional dojo_1.15.2+dfsg1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl5aEZcACgkQ9tdMp8mZ 7um0Wg/+Ki3gpgH6Rs7E4DWUZxj9SQ3cklNJN4f9X5LxADLL7g9mTcAruN32CqcZ drpcLTsvcpKIWk5KQ0iZCUcPLbt08psYU2gTUNIOLOicKJEAoE52Be7+5tX+SG7q yKt2iCeVvu7mOBWWyu8ZAkF/8c1wnnIHr1Kcx0Ko+tzw3FLd1TMZIJ/9kaJqUDGH UQQPv8ytVFaHdFyJQm6iOGgQftgrcR28kFC9YDbR5Ji7TfO01LoHUEyTWOY/Rkzg lIbQeqFH4WpYgMEa+A2rbRIWcViInaxOf7swkv3cHJCXqozPPdq03jy8qSjPD66/ O8DadUNqHEB6woGd+T4H9EV0eiB6YbKmykkJqOUtRG3WOR2qRMqIswZm/NBQXg+k Vg2q7udq+F1IpMLA0kK8BMPijZEK9gVJkrKx4A5liowMKzttFNiGFvwURpS6a/su Xhd970IkTPB3Ma6pqnNtZyMDRVVF6wUmd4dzEr2QDNAw0B+yo8KE3SGYzSJb0vT1 M9HRcl6Jm1ZclYiNWxAcerDkEt+0ihAFWcSbkK8Xqjmaxu4/BEI7IaSKfzviPGjw GKtPx0cjjejy/1OIcSLBzJ82LJTr+e6iDf/qotq8+oUNVLhm6fheDMZsnOeXVrUE w0rVWE0e5uP4ggGsnXjhmj2jlbx3VZQFOiD4dbYSXEP2f6Y2TnI= =Xz4C -----END PGP SIGNATURE-----
--- End Message ---
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
