Bug#1036977: bullseye-pu: package jqueryui/1.12.1+dfsg-8+deb11u2
Hi Yadd,
On Wed, May 31, 2023 at 03:13:06PM +0400, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: jqueryui@packages.debian.org
> Control: affects -1 + src:jqueryui
>
> [ Reason ]
> jqueryui is potentially vulnerable to cross-site scripting
> (CVE-2022-31160)
>
> [ Impact ]
> Low security issue
>
> [ Tests ]
> Sadly tests are minimal in this package. Anyway passed
>
> [ Risks ]
> Low risk, patch is trivial
>
> [ Checklist ]
> [X] *all* changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in (old)stable
> [X] the issue is verified as fixed in unstable
>
> [ Changes ]
> Don't accept label outside of the root element
>
> Cheers,
> Yadd
> diff --git a/debian/changelog b/debian/changelog
> index 3a6a587..9b1e9cc 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,10 @@
> +jqueryui (1.12.1+dfsg-8+deb11u2) bullseye; urgency=medium
> +
> + * Team upload
> + * Checkboxradio: Don't re-evaluate text labels as HTML (Closes: CVE-2022-31160)
> +
> + -- Yadd <yadd@debian.org> Wed, 31 May 2023 15:08:55 +0400
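Review bot: The "(Closes: CVE-2022-31160)" in the Checkboxradio changelog line will not close anything, because the changelog "Closes:" syntax is parsed for Debian bug numbers and a CVE id does not match it. Put the bug number there and keep the CVE id as a plain reference, for example "(Closes: #1015982, CVE-2022-31160)", so the upload closes the bug and the CVE stays searchable in the changelog.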
Minor thing, you could as well close #1015982 with the upload.
Regards,
Salvatore