Your message dated Sun, 10 Aug 2025 17:01:34 +0000
with message-id <e1ul9qm-009hcj...@fasolo.debian.org>
and subject line Bug#1099619: fixed in node-prismjs 1.30.0+dfsg+~1.26.5-1
has caused the Debian Bug report #1099619,
regarding node-prismjs: CVE-2024-53382
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1099619: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099619
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-prismjs
Version: 1.29.0+dfsg+~1.26.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/PrismJS/prism/issues/3864
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-prismjs.

CVE-2024-53382[0]:
| Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with
| resultant XSS for untrusted input that contains HTML but does not
| directly contain JavaScript), because document.currentScript lookup
| can be shadowed by attacker-injected HTML elements.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-53382
    https://www.cve.org/CVERecord?id=CVE-2024-53382
[1] https://github.com/PrismJS/prism/issues/3864

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
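
The failure mode named in the CVE description above, as an added example (not code from PrismJS or from the Debian package): a document.currentScript lookup is used only after confirming it returned a real script element. The function names, the fallback path and the two Document-like objects are assumptions constructed for illustration so the code runs outside a browser.

```javascript
// Return the executing <script> element, or null when the lookup yields
// anything else (for example an injected element that shadows the property).
function safeCurrentScript(doc) {
  const el = doc.currentScript;
  // tagName must be a plain string; a shadowed property may be an element.
  if (!el || typeof el.tagName !== 'string') return null;
  return el.tagName.toUpperCase() === 'SCRIPT' ? el : null;
}

// Derive the directory that further resources are loaded from.
// Falls back to a fixed, site-controlled path when the lookup is untrusted.
function resourceBase(doc, fallback) {
  const script = safeCurrentScript(doc);
  if (!script || typeof script.src !== 'string' || script.src === '') {
    return fallback;
  }
  return new URL('.', script.src).href;
}

// Unguarded variant, shown for contrast: trusts whatever the lookup returns.
function naiveBase(doc) {
  return new URL('.', doc.currentScript.src).href;
}

// Constructed stand-ins for a Document (hypothetical hosts and paths).
const legitimateDoc = {
  currentScript: { tagName: 'SCRIPT', src: 'https://site.example/js/highlight.js' }
};
const clobberedDoc = {
  // A non-script element returned in place of the running script.
  currentScript: { tagName: 'IMG', src: 'https://other.example/x/y.png' }
};

console.log(naiveBase(clobberedDoc));              // base taken from injected markup
console.log(resourceBase(clobberedDoc, '/js/'));   // fixed fallback instead
console.log(resourceBase(legitimateDoc, '/js/'));  // directory of the real script
```

In a browser, `el instanceof HTMLScriptElement` is a stricter form of the same check.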
--- Begin Message ---
Source: node-prismjs
Source-Version: 1.30.0+dfsg+~1.26.5-1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-prismjs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1099...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-prismjs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 10 Aug 2025 17:53:29 +0200
Source: node-prismjs
Architecture: source
Version: 1.30.0+dfsg+~1.26.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1099619
Changes:
 node-prismjs (1.30.0+dfsg+~1.26.5-1) unstable; urgency=medium
 .
   * Team upload
   * Update lintian overrides
   * Install examples
   * Declare compliance with policy 4.7.2
   * New upstream version (Closes: 1099619, CVE-2024-53382)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel