Bug#952785: buster-pu: package dojo/1.15.0+dfsg1-1+deb10u1
Hi Xavier,
On Sat, Feb 29, 2020 at 09:10:51AM +0100, Xavier Guimard wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Hi,
>
> dojo is vulnerable to Cross-site Scripting. This is due to
> dojox.xmpp.util.xmlEncode only encoding the first occurrence of each
> character, not all of them.
>
> This upstream patch fixes this issue.
>
> Cheers,
> Xavier
> diff --git a/debian/changelog b/debian/changelog
> index 14447b52..0e5dc462 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +dojo (1.15.0+dfsg1-1+deb10u1) buster; urgency=medium
> +
> + * Team upload
> + * Cleanup improper regex usage (Closes: #952771, 2019, 10785)
^^^^^^^^^^^
Did you mean CVE-2019-10785 here?
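Review bot: in the new changelog bullet, the bare "2019, 10785" sits inside the "Closes:" list, where Debian's changelog parsing reads comma-separated numbers after "Closes:" as further bug numbers, so this upload would also try to close bugs #2019 and #10785. Keep only #952771 in the Closes clause and write the CVE identifier in full outside it. The bullet text "Cleanup improper regex usage" also does not say that this is a cross-site scripting fix in dojox.xmpp.util.xmlEncode, as the report describes; naming the function and the issue in the entry would make the stable update easier to review.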
Regards,
Salvatore
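The flaw described in the report, an encoder that replaces only the first occurrence of each character, shown as an added JavaScript example. It is not dojo's code or the upstream patch; the function names and the sample string are constructed for illustration.

```javascript
// Added illustration, not dojo's source; all names here are hypothetical.
const ENTITIES = [
  { ch: "&", re: /&/g, ent: "&amp;" }, // "&" first, so produced entities are not re-encoded
  { ch: "<", re: /</g, ent: "&lt;" },
  { ch: ">", re: />/g, ent: "&gt;" },
  { ch: '"', re: /"/g, ent: "&quot;" },
  { ch: "'", re: /'/g, ent: "&apos;" },
];

// Flawed form: with a string pattern, String.prototype.replace stops after one match.
function encodeFirstOnly(str) {
  return ENTITIES.reduce((out, e) => out.replace(e.ch, e.ent), str);
}

// Corrected form: a global regex replaces every occurrence.
function encodeAll(str) {
  return ENTITIES.reduce((out, e) => out.replace(e.re, e.ent), str);
}

// Regression check: list the markup characters that survived encoding
// (a bare "&" counts unless it starts one of the five entities above).
function residual(encoded) {
  return encoded.match(/[<>"']|&(?!(?:amp|lt|gt|quot|apos);)/g) || [];
}

// Constructed sample in which every special character occurs more than once.
const SAMPLE = '<i>a</i> & "b" & <i>c</i>';

console.log(encodeFirstOnly(SAMPLE), residual(encodeFirstOnly(SAMPLE)));
console.log(encodeAll(SAMPLE), residual(encodeAll(SAMPLE)));
```

Both functions give the same output for an input that contains each character at most once, so a regression test for this class of bug needs repeated characters in its input.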