Your message dated Tue, 22 Oct 2024 21:44:50 +0000
with message-id <zxgc0hkmvnwux...@inutil.org>
and subject line Re: Bug#1085379: jqueryui: CVE-2024-30875
has caused the Debian Bug report #1085379,
regarding jqueryui: CVE-2024-30875
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1085379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jqueryui
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for jqueryui.

CVE-2024-30875[0]:
| Cross Site Scripting vulnerability in JavaScript Library jquery-ui
| v.1.13.1 allows a remote attacker to obtain sensitive information
| and execute arbitrary code via a crafted payload to the
| window.addEventListener component.

The only reference is https://github.com/Ant1sec-ops/CVE-2024-30875,
this was probably never reported upstream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-30875
    https://www.cve.org/CVERecord?id=CVE-2024-30875

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
On Tue, Oct 22, 2024 at 10:56:50PM +0200, Paul Gevers wrote:
> Control: forwarded -1 https://github.com/jquery/jquery-ui/issues/2305
> 
> Hi,
> 
> On 18-10-2024 19:09, Moritz Mühlenhoff wrote:
> > The only reference is https://github.com/Ant1sec-ops/CVE-2024-30875,
> > this was probably never reported upstream.
> 
> Apparently somebody did so yesterday. If I read the comment [1] correctly,
> upstream contests the CVE against jqueryui.
> 
> [1] https://github.com/jquery/jquery-ui/issues/2305#issuecomment-2428809965

Thanks, I've marked it as a non issue in the security tracker, let's just close
this bug as well.

Cheers,
        Moritz

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
