[Pkg-javascript-devel] Processed: autosize build is broken (throws error is diaspora web console)
Processing control commands: > affects -1 ruby-rails-assets-autosize,diaspora Bug #990458 [libjs-autosize] autosize build is broken (throws error is diaspora web console) Added indication that 990458 affects ruby-rails-assets-autosize and diaspora -- 990458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#990458: autosize build is broken (throws error is diaspora web console)
Package: libjs-autosize Severity: grave Version: 4.0.2~dfsg1-5 Control: affects -1 ruby-rails-assets-autosize,diaspora I think during transition to babel7 something broke. This causes diaspora ui to break, Uncaught ReferenceError: module is not defined at main-e074888ae8b7a9cd9ffd9335b56c44872cea8212be3599667e8dd56947c37546.js:3 at $.fn.charCount (main-e074888ae8b7a9cd9ffd9335b56c44872cea8212be3599667e8dd56947c37546.js:3) at main-e074888ae8b7a9cd9ffd9335b56c44872cea8212be3599667e8dd56947c37546.js:3 This leads to, (t((t={exports:{}}).exports),e.autosize=t.exports)}("undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:this,function(e){"use strict";function n(a){function e(){var e=window.getComputedStyle(a,null);"vertical"===e.resize?a.style.resize="none":"both"===e.resize&&(a.style.resize="horizontal"),r="content-box"===e.boxSizing?-(parseFloat(e.paddingTop)+parseFloat(e.paddingBottom)):parseFloat(e.borderTopWidth)+parseFloat(e.borderBottomWidth),isNaN(r)&&(r=0),i()}function o(e){var t=a.style.width;a.style.width="0px",a.offsetWidth,a.style.width=t,a.style.overflowY=e}function n(e){for(var t=[];e&& instanceof Element;)e.parentNode.scrollTop&({node:e.parentNode,scrollTop:e.parentNode.scrollTop}),e=e.parentNode;return t}function s(){var e,t;0!==a.scrollHeight&&(e=n(a),t=document.documentElement&,a.style.height="",a.style.height=a.scrollHeight+r+"px",l=a.clientWidth,e.forEach(function(e){e.node.scrollTop=e.scrollTop}),t&&(document.documentElement.scrollTop=t))}function i(){s();var e=Math.round(parseFloat(a.style.height)),t=window.getComputedStyle(a,null),n="content-box"===t.boxSizing?Math.round(parseFloat(t.height)):a.offsetHeight;if(nr,l,c,u,d;a&&&"TEXTAREA"===a.nodeName&&!p.has(a)&&(c=l=r=null,u=function u(){a.clientWidth!==l&()},d=function(t){window.removeEventListener("resize",u,!1),a.removeEventListener("input",i,!1),a.removeEventListener("keyup",i,!1),a.removeEventListener("autosize:destroy",d,!1),a.removeEventListener("autosize:update",i,!1),Object.keys(t).forEach(function(e){a.style[e]=t[e]}),p["delete"](a)}.bind(a,{height:a.style.height,resize:a.style.resize,overflowY:a.style.overflowY,overflowX:a.style.overflowX,wordWrap:a.style.wordWrap}),a.addEventListener("autosize:destroy",d,!1),"onpropertychange"in a&&"oninput"in a&("keyup",i,!1),window.addEventListener("resize",u,!1),a.addEventListener("input",i,!1),a.addEventListener("autosize:update",i,!1),a.style.overflowX="hidden",a.style.wordWrap="break-word",p.set(a,{destroy:d,update:i}),e())}function t(e){e=p.get(e);e&()}function i(e){e=p.get(e);e&()}e["default"]=void 0;var a,o,p="function"==typeof Map?new Map:(a=[],o=[],{has:function r(e){return-1o[a.indexOf(e)]},set:function c(e,t){-1===a.indexOf(e)&&(a.push(e),o.push(t))},"delete":function u(e){e=a.indexOf(e);-1m(e){return new Event(e,{bubbles:!0})};try{new Event("test")}catch(d){m=function m(e){var t=document.createEvent("Event");return t.initEvent(e,!0,!1),t}}var s=null;"undefined"==typeof window||"function"!=typeof window.getComputedStyle?((s=function s(e){return e}).destroy=function(e){return e},s.update=function(e){return e}):((s=function s(e,t){return e&(e.length?e:[e],function(e){return n(e,t)}),e}).destroy=function(e){return e&(e.length?e:[e],t),e},s.update=function(e){return e&(e.length?e:[e],i),e}),e["default"]=s,module.exports=exports["default"]}),$.fn.charCount=function(i) -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] node-mermaid_8.11.0+ds+~cs29.13.22-1_sourceonly.changes ACCEPTED into experimental
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 29 Jun 2021 16:01:18 +0200 Source: node-mermaid Architecture: source Version: 8.11.0+ds+~cs29.13.22-1 Distribution: experimental Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Yadd Changes: node-mermaid (8.11.0+ds+~cs29.13.22-1) experimental; urgency=medium . * Team upload * New upstream version 8.11.0+ds+~cs29.13.22 (Closes: CVE-2021-35513 patch) Remove CVE-2021-35513 patch Checksums-Sha1: f1542479af91827e449b7b7eae5b7061b6a1802c 6160 node-mermaid_8.11.0+ds+~cs29.13.22-1.dsc 40fbc1b8f960a80bb0873531364400bf8fd1441e 6004 node-mermaid_8.11.0+ds+~cs29.13.22.orig-crypto-random-string.tar.xz 58461ff4fb6b04598dfc7c8e309be9026940fc72 2136 node-mermaid_8.11.0+ds+~cs29.13.22.orig-entity-decode.tar.xz 33bea34abc7e989b2656b21352c2995226b3f8e9 82692 node-mermaid_8.11.0+ds+~cs29.13.22.orig-escaper.tar.xz 050ff337fe01a80d47bdec7c929f7bd6f6bab456 2668 node-mermaid_8.11.0+ds+~cs29.13.22.orig-is-regexp.tar.xz 8c7834385d31df958f97133b5f2b01aa54fc2291 25644 node-mermaid_8.11.0+ds+~cs29.13.22.orig-khroma.tar.xz 57591e2d63f07677f8f564d9a24fa65c9ad595c5 6304 node-mermaid_8.11.0+ds+~cs29.13.22.orig-sanitize-url.tar.xz d28bc60134f2fd2c0926cc8dab4d3a277ae0048d 2268 node-mermaid_8.11.0+ds+~cs29.13.22.orig-scope-css.tar.xz 70d95145dd0cdb0a4f0dba129afa12ca69d8a309 10648 node-mermaid_8.11.0+ds+~cs29.13.22.orig-slugify.tar.xz c344ab29803f38117fcfdff3d21ce4341389e519 20368 node-mermaid_8.11.0+ds+~cs29.13.22.orig-strip-css-comments.tar.xz 9cca3305d07e8f89dbd6e81909226c6a080cebad 2 node-mermaid_8.11.0+ds+~cs29.13.22.orig-stylis.tar.xz 0b69a98a9f716583186e9c3a03b58ee39273fe8f 5852 node-mermaid_8.11.0+ds+~cs29.13.22.orig-webpack-node-externals.tar.xz 71b7d48a52aa5014b1570bff1a2968cc698b54d2 1777624 node-mermaid_8.11.0+ds+~cs29.13.22.orig.tar.xz cac68a3309f88690dcc44630e9849eabfcd61d3b 6052 node-mermaid_8.11.0+ds+~cs29.13.22-1.debian.tar.xz Checksums-Sha256: d6ab1109b992fc246b7272d8e36563c9d7eec01a84cc6f9b206dee4c6e15b741 6160 node-mermaid_8.11.0+ds+~cs29.13.22-1.dsc e31fa829e72c7659f4dbcefd931f32a9843c18b74f0932b7d14fa3edf5a47a16 6004 node-mermaid_8.11.0+ds+~cs29.13.22.orig-crypto-random-string.tar.xz f7fefeabf00220dd95b30af5f85ad0d721954f93ccf0994ec5d0a03fa6471772 2136 node-mermaid_8.11.0+ds+~cs29.13.22.orig-entity-decode.tar.xz 3179f027c34aceeceebffe724cea6332bf5f82a7ec9a1440b42f0d49a675f437 82692 node-mermaid_8.11.0+ds+~cs29.13.22.orig-escaper.tar.xz dafe9a763a2768af41317d57f9549a6bed9a66971a7c8efb7a456d0361379a4f 2668 node-mermaid_8.11.0+ds+~cs29.13.22.orig-is-regexp.tar.xz d874d940fe78bacefb191ef15a46a3077e6b500a74ad90894cb91fda6dcda778 25644 node-mermaid_8.11.0+ds+~cs29.13.22.orig-khroma.tar.xz 1679341567c789b2293d7f636a5fe7f21e498c98f098e91dbc62675632ca0395 6304 node-mermaid_8.11.0+ds+~cs29.13.22.orig-sanitize-url.tar.xz 204642ba2da8be1b4d568076776b51258cd45ff086a35f761acaaeb8e23c 2268 node-mermaid_8.11.0+ds+~cs29.13.22.orig-scope-css.tar.xz 7ba12c2edad67f3a016e16b1055b1d3a028b4a7ab108d1d3ad8075068b539cf8 10648 node-mermaid_8.11.0+ds+~cs29.13.22.orig-slugify.tar.xz e7ed5a7b8e789ba06c4339f1e5c2d5853a3321b39e08f4c19b04defed62da58e 20368 node-mermaid_8.11.0+ds+~cs29.13.22.orig-strip-css-comments.tar.xz d4cce6845197bbea81938f3bcad0226081c2ced277ec39469af443b67ff78693 2 node-mermaid_8.11.0+ds+~cs29.13.22.orig-stylis.tar.xz 7a86bc4b91bc8ed1c3bb7aac2d91e21d8e0de5f88acf8d8b14a0c25c73074d83 5852 node-mermaid_8.11.0+ds+~cs29.13.22.orig-webpack-node-externals.tar.xz 6648f21672f1446d458bc1323dce30189a9aee88510491815278ce6d2c68a7fe 1777624 node-mermaid_8.11.0+ds+~cs29.13.22.orig.tar.xz 1fa05f52550ad0e88d2a5792387ca644e3e9a6124c673f7144c9e7187fcb978b 6052 node-mermaid_8.11.0+ds+~cs29.13.22-1.debian.tar.xz Files: bb5596b8c639aed5c0c0f52074679594 6160 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22-1.dsc 7ccd3e8d516230670daa78c4a2425a2b 6004 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-crypto-random-string.tar.xz db868f16bd180815082e2456f8f8c744 2136 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-entity-decode.tar.xz 6a0f3558f795af61684ede51a10944f4 82692 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-escaper.tar.xz 73fe82eb46bacefd074477b8657e16dd 2668 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-is-regexp.tar.xz 14571926ccd11446dc74942997a755f5 25644 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-khroma.tar.xz 898bdc6f577797d7fab0e4aa442b1869 6304 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-sanitize-url.tar.xz 39f045425e645f20fb812ceba6ec5961 2268 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-scope-css.tar.xz 30337061717087b30422e9e0b903a666 10648 javascript optional node-mermaid_8.11.0+ds+~cs29.13.22.orig-slugify.tar.xz 5ac477870fa4a5e28ab5def60c26720c 20368 javascript optional
[Pkg-javascript-devel] Processing of node-mermaid_8.11.0+ds+~cs29.13.22-1_sourceonly.changes
node-mermaid_8.11.0+ds+~cs29.13.22-1_sourceonly.changes uploaded successfully to localhost along with the files: node-mermaid_8.11.0+ds+~cs29.13.22-1.dsc node-mermaid_8.11.0+ds+~cs29.13.22.orig-crypto-random-string.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-entity-decode.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-escaper.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-is-regexp.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-khroma.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-sanitize-url.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-scope-css.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-slugify.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-strip-css-comments.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-stylis.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig-webpack-node-externals.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22.orig.tar.xz node-mermaid_8.11.0+ds+~cs29.13.22-1.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Processed: fixed 990449 in 8.7.0+ds+~cs27.17.17-3
Processing commands for cont...@bugs.debian.org: > fixed 990449 8.7.0+ds+~cs27.17.17-3 Bug #990449 [src:node-mermaid] node-mermaid: CVE-2021-35513 Marked as fixed in versions node-mermaid/8.7.0+ds+~cs27.17.17-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 990449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990449 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#990449: marked as done (node-mermaid: CVE-2021-35513)
Your message dated Tue, 29 Jun 2021 16:05:53 +0200 with message-id and subject line Fixed in 8.7.0+ds+~cs27.17.17-3 and 8.11.0+ds+~cs29.13.22-1 has caused the Debian Bug report #990449, regarding node-mermaid: CVE-2021-35513 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 990449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990449 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: node-mermaid Version: 8.7.0+ds+~cs27.17.17-2 Severity: important Tags: security upstream Forwarded: https://github.com/mermaid-js/mermaid/issues/2122 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-mermaid. CVE-2021-35513[0]: | Mermaid before 8.11.0 allows XSS when the antiscript feature is used. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-35513 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35513 [1] https://github.com/mermaid-js/mermaid/issues/2122 [2] https://github.com/mermaid-js/mermaid/pull/2123 Regards, Salvatore --- End Message --- --- Begin Message --- --- End Message --- -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] node-mermaid_8.7.0+ds+~cs27.17.17-3_sourceonly.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 29 Jun 2021 14:46:20 +0200 Source: node-mermaid Architecture: source Version: 8.7.0+ds+~cs27.17.17-3 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Yadd Changes: node-mermaid (8.7.0+ds+~cs27.17.17-3) unstable; urgency=medium . * Team upload * Fix XSS vulnerability when antiscript is used (Closes: CVE-2021-35513) Checksums-Sha1: 4b5de0ec1a7fa54990a3ab8d12f21f6023da936e 6029 node-mermaid_8.7.0+ds+~cs27.17.17-3.dsc 3d107cef383ad2e36044c8178092811a4ddfeb96 5904 node-mermaid_8.7.0+ds+~cs27.17.17-3.debian.tar.xz Checksums-Sha256: 906eefce72f6cce7f8f832ebce2299a7f40c8d3384872c219604396848f1c87d 6029 node-mermaid_8.7.0+ds+~cs27.17.17-3.dsc aa4c23fd12e8b62f77e3e2949246730e350012cf0136f229043469fbe55e524a 5904 node-mermaid_8.7.0+ds+~cs27.17.17-3.debian.tar.xz Files: b6a6f931acb44e000e243c3790f7d337 6029 javascript optional node-mermaid_8.7.0+ds+~cs27.17.17-3.dsc b448f0914b792f4da40d2e8f77a5cf90 5904 javascript optional node-mermaid_8.7.0+ds+~cs27.17.17-3.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmDbFpkACgkQ9tdMp8mZ 7umLvhAAi2vmTdC8qy1QH3RqFWFGhiTJgJ+gX2HV0O/L7/zrbDZcAPvp6/qo/1Cd SPvu+M6iLiSww0QV91OYD2tNpf5JgvxnSxjboSA8yW+jw+hX9mgyn43q0gKLwWVq o+Jl2fjTH/Bhc993my2DDmXJlU2eg4pxzA7nxdA4kNEF4gQd0tM5fVVqV5OVFAem 61jN50U2WgnhVwrZuywZ9zPPurDb6nHvZEDoofnsQeodrgZHo34I4mbG499PnS13 14dNDvT/T2JfT5F4UWXk07VbCNUM5XJe2+CYrnay3pIKhhPlE/zlx2K/RLfPNS3R rB/SnrORaKaB9Hpeuhm+9npeNYIhenwJ16kWJbRQnXbBVwh3zQy2aBWkpw/U0EGH uSj+/AKBd1vKnzubojg+kyc3kwf8//GdDwISZXdR/G6m+VDAs2fEUzrwVeFdZCx2 TV4FtfNlOO6dhSth+xtY8g80aC5UWyCKEnvf5FcvkVroKwjITq8DfttKl5VRu2ok cV5vIiJrvTu9IBt0nCpFZWn6in5Hfw1VDeZx4Pg9K8gWU+s2mm0JjvAq4cfQAXqA AvaU5SweryUC9/KIwFiykVkxvSAQqoD9FJiTxgIn7CebT7FWI2JQvRbTQG4QTwSp rGbnNtbVuxWWbu8/PxM7vNj0yu3x3bxoxP6MMwMD61KU82xRF4U= =VoaH -END PGP SIGNATURE- Thank you for your contribution to Debian. -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Processing of node-mermaid_8.7.0+ds+~cs27.17.17-3_sourceonly.changes
node-mermaid_8.7.0+ds+~cs27.17.17-3_sourceonly.changes uploaded successfully to localhost along with the files: node-mermaid_8.7.0+ds+~cs27.17.17-3.dsc node-mermaid_8.7.0+ds+~cs27.17.17-3.debian.tar.xz Greetings, Your Debian queue daemon (running on host usper.debian.org) -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#990449: node-mermaid: CVE-2021-35513
Source: node-mermaid Version: 8.7.0+ds+~cs27.17.17-2 Severity: important Tags: security upstream Forwarded: https://github.com/mermaid-js/mermaid/issues/2122 X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerability was published for node-mermaid. CVE-2021-35513[0]: | Mermaid before 8.11.0 allows XSS when the antiscript feature is used. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-35513 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35513 [1] https://github.com/mermaid-js/mermaid/issues/2122 [2] https://github.com/mermaid-js/mermaid/pull/2123 Regards, Salvatore -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel