Your message dated Sat, 28 Mar 2020 18:02:54 +0000
with message-id <e1jifnk-0003sl...@fasolo.debian.org>
and subject line Bug#943560: fixed in node-knockout 3.4.2-2+deb10u1
has caused the Debian Bug report #943560,
regarding node-knockout: CVE-2019-14862
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
943560: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943560
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-knockout
Version: 3.4.2-2
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for node-knockout.
CVE-2019-14862[0]:
|Cross-site Scripting (XSS) attacks due to not escaping the name
|attribute.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14862
[1] https://github.com/knockout/knockout/issues/1244
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-knockout
Source-Version: 3.4.2-2+deb10u1
Done: Xavier Guimard <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-knockout, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 943...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-knockout package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Mar 2020 11:17:36 +0100
Source: node-knockout
Architecture: source
Version: 3.4.2-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 943560
Changes:
node-knockout (3.4.2-2+deb10u1) buster; urgency=medium
.
* Team upload
* Fix bad escaping for old MSIE (Closes: #943560, CVE-2019-14862)
Checksums-Sha1:
2724caef01b013def63bbd68b12a2776126c5eb5 2057 node-knockout_3.4.2-2+deb10u1.dsc
19b1ab9f4484fa652846b0022d3de691d403d9a3 4404
node-knockout_3.4.2-2+deb10u1.debian.tar.xz
Checksums-Sha256:
a4df769fbabb1891334d70bbb2d836a0518e919816c8cb427449c493d2e4a0b4 2057
node-knockout_3.4.2-2+deb10u1.dsc
9634af05a6ddf3ffb568a0e1da0f0102754f5a97728711967dae9ef8717d3934 4404
node-knockout_3.4.2-2+deb10u1.debian.tar.xz
Files:
fd9c391fb14ba6b424c0f6f4f53eb641 2057 javascript optional
node-knockout_3.4.2-2+deb10u1.dsc
5352bd7efd0254beb0439ccf7cd77074 4404 javascript optional
node-knockout_3.4.2-2+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl5/WRIACgkQ9tdMp8mZ
7umyrxAAmPvR1eO2wH5tapYSlQNSQc2wCBGTD6I8i/CKqEZtmsJUiP1noiCtLlRW
ntH4jSFtKrkTO3ytdL23KbwD43bpwN+c/Nr1wDvxmmHo7A/V+8pVC/h56vzhAzmU
HzjLB0iEh3vRzkIS5UyKrcw4rqiLgHWpjnVuQNz11zKiJmgS5dDfaJXIgsXL5bPk
OIWbrs0DyrQL49+akPFgdsjN4Pn4cZ+yXZ8rveA0kT2FG7ZbsdSPx+UFZR5N3fMn
CYlewC2z43WM1UiwuLjrqi+XJZSpeLvWMGZvGTnvzak8pT8lBeYoaae2AK+06JQm
wqYaDeLi7DHwtr7KOIv657Fz+iW25fq9MqbgOpJ7uecRj1nnceQvgbJHTPPUxro8
TV1yFnjKeMb4zTX3OfqeUZ6vw+JZtsSqFCFH8PnSZxsUmQGnASt4b0f2Uu4ttUuM
9v2tw8iL63tkgLQNPYzgLha7eX8U2SLBx8NMvjtoxMGlptGGZ5vzBlp9ma/8PdS3
us4kmLRxkpwVnkNVJZxXd/wz6crGAIDD4k3iXzSVMhnUkTuTGDo1tMca3H6NpgZq
2EkuOHOvP9F+PNaH9nOeXxF2y+6YQ+gs5hz7smVUw9e3xw/orTi3dYqCd85zFmaw
wbF0LYWZL+di0S4phfU4sWLRwWQjMLn/NcMsDj1Cgk7z3F2gZwk=
=Xp5J
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
