Bug#995291: bullseye-pu: package datatables.js/1.10.21+dfsg-2+deb11u1

To: Yadd <yadd@debian.org>, 995291@bugs.debian.org
Subject: Bug#995291: bullseye-pu: package datatables.js/1.10.21+dfsg-2+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 04 Dec 2021 17:25:15 +0000
Message-id: <[🔎] 7f47b2c154c4cda1f2b2e92e5be15c2c132362ca.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 995291@bugs.debian.org
In-reply-to: <163290404129.2664689.5811088082953751323.reportbug@deb007.xnr.fr>
References: <163290404129.2664689.5811088082953751323.reportbug@deb007.xnr.fr> <163290404129.2664689.5811088082953751323.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Wed, 2021-09-29 at 10:27 +0200, Yadd wrote:
> datatables.js is vulnerable to CVE-2021-23445: if an array is passed
> to
> the HTML escape entities, it would not have its content escaped
> (#995229)
> 

Hmm, for some reason this request never seems to have made it to
debian-release.

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: bullseye-pu: package datatables.js/1.10.21+dfsg-2+deb11u1
Next by Date: Bug#1000486: buster-pu: package btrbk/0.27.1-1+deb10u2
Previous by thread: Processed: Re: Bug#1000736: bullseye-pu: package poco/1.10.0-6
Next by thread: Processed: Re: bullseye-pu: package datatables.js/1.10.21+dfsg-2+deb11u1
Index(es):
- Date
- Thread