Fwd: Bug#823416: ITP: libjs-jquery-migrate-1 -- Migrate older jQuery code to jQuery 1.9+
- To: debian-security-tracker@lists.debian.org
- Cc: Paul Wise <pabs@debian.org>
- Subject: Fwd: Bug#823416: ITP: libjs-jquery-migrate-1 -- Migrate older jQuery code to jQuery 1.9+
- From: Jean-Michel Vourgère <nirgal@debian.org>
- Date: Thu, 5 May 2016 04:57:59 +0000
- Message-id: <[🔎] 572AD2D7.3060006@debian.org>
- In-reply-to: <CAKTje6H4rj0Gds=JwV+qhiF3SXyEscZYSoY7W8anE43=gOpZbg@mail.gmail.com>
- References: <20160504144949.19441.19554.reportbug@deimos> <CAKTje6H4rj0Gds=JwV+qhiF3SXyEscZYSoY7W8anE43=gOpZbg@mail.gmail.com>
Hello dear security gurus
Paul Wise wrote:
> On Wed, May 4, 2016 at 10:49 PM, Jean-Michel Vourgère wrote:
>> That small javascript library is already used by a few packages:
> Please let the security team know about these embedded code copies:
> https://wiki.debian.org/EmbeddedCodeCopies
As I explained in the bug report [1], while updating a package using
jquery-migrate, I looked for an existing version but only found only
embedded copies:
> dokuwiki: /usr/share/dokuwiki/lib/scripts/jquery/jquery-migrate.js
> dokuwiki: /usr/share/dokuwiki/lib/scripts/jquery/jquery-migrate.min.js
> dotclear: /usr/share/dotclear/web/admin/js/jquery/jquery-migrate-1.2.1.js
> galette: /usr/share/galette/includes/jquery/jquery-migrate-1.2.1.min.js
> moodle: /usr/share/moodle/lib/jquery/jquery-migrate-1.2.1.js
> moodle: /usr/share/moodle/lib/jquery/jquery-migrate-1.2.1.min.js
> opennebula-sunstone: /usr/share/opennebula-sunstone/public/vendor/4.0/jquery-migrate.min.js
> otrs2: /var/lib/otrs/httpd/htdocs/js/thirdparty/jquery-migrate-1.2.1/jquery-migrate.js
> owncloud: /usr/share/owncloud/core/js/jquery-migrate-1.2.1.js
> owncloud: /usr/share/owncloud/core/js/jquery-migrate-1.2.1.min.js
> python-xstatic-jquery-migrate: /usr/lib/python2.7/dist-packages/xstatic/pkg/jquery_migrate/data/jquery-migrate.js
> python-xstatic-jquery-migrate: /usr/lib/python2.7/dist-packages/xstatic/pkg/jquery_migrate/data/jquery-migrate.min.js
> wordpress: /usr/share/wordpress/wp-includes/js/jquery/jquery-migrate.js
> wordpress: /usr/share/wordpress/wp-includes/js/jquery/jquery-migrate.min.js
I plan to add a lintian check later.
This made me realise you list [2] doesn't have libjs-raphael either. A
detection check for this one was added [3] in lintian 2.5.32. The full
lintian list is available here:
https://lintian.debian.org/tags/embedded-javascript-library.html
Cheers
[1] https://bugs.debian.org/823416
[2]
https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co
[3] https://bugs.debian.org/788839
Reply to: