Your message dated Sat, 11 Jun 2022 07:19:07 +0000
with message-id <[email protected]>
and subject line Bug#980892: fixed in civicrm 5.50.1+dfsg1-1
has caused the Debian Bug report #980892,
regarding civicrm-common: CVE-2021-21252 embedded copy of jquery.validate.js
vulnerable to ReDoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
980892: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980892
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: civicrm-common
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
Hi,
civicrm-common embeds a copy of jquery.validate.js that is vulnerable to
CVE-2021-21252 (has been fixed in version 1.19.3).
--- End Message ---
--- Begin Message ---
Source: civicrm
Source-Version: 5.50.1+dfsg1-1
Done: Dmitry Smirnov <[email protected]>
We believe that the bug you reported is fixed in the latest version of
civicrm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dmitry Smirnov <[email protected]> (supplier of updated civicrm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 11 Jun 2022 13:34:01 +1000
Source: civicrm
Architecture: source
Version: 5.50.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <[email protected]>
Changed-By: Dmitry Smirnov <[email protected]>
Closes: 980892
Changes:
civicrm (5.50.1+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
+ CVE-2021-21252: upgraded "jquery.validate.js" 1.19.3 is no longer
vulnerable to ReDoS (Closes: #980892).
* Optimised dependency loading.
* Standards-Version: 4.6.1.
* watch: re-write.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---