Bug#1112529: trixie-pu: package shaarli/0.14.0+dfsg-2
On Sat, 2025-08-30 at 09:05 -0400, James Valleroy wrote:
> Fixes CVE-2025-55291:
> Prior to 0.15.0, the input string in the cloud tag page is not
> properly sanitized. This allows the </title> tag to be prematurely
> closed, leading to a reflected Cross-Site Scripting (XSS)
> vulnerability. This vulnerability is fixed in 0.15.0.
>
> This issue is also present in old-stable.
If you want to fix it in bookworm as well, please open a separate bug
for that.
+shaarli (0.14.0+dfsg-2) trixie; urgency=medium
While 0.14.0+dfsg-2 works in this case because that version has never
been used for an upload to Debian in the past, note that the more
conventional version number would be 0.14.0+dfsg-1+deb13u1.
Regards,
Adam