On 29/02/2020 at 14:48, Salvatore Bonaccorso wrote:
> Hi Xavier,
>
> On Sat, Feb 29, 2020 at 09:10:51AM +0100, Xavier Guimard wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: buster
>> User: release.debian....@packages.debian.org
>> Usertags: pu
>>
>> Hi,
>>
>> dojo is vulnerable to Cross-site Scripting. This is due to
>> dojox.xmpp.util.xmlEncode only encoding the first occurrence of each
>> character, not all of them.
>>
>> This upstream patch fixes this issue
>>
>> Cheers,
>> Xavier
>
>> diff --git a/debian/changelog b/debian/changelog
>> index 14447b52..0e5dc462 100644
>> --- a/debian/changelog
>> +++ b/debian/changelog
>> @@ -1,3 +1,10 @@
>> +dojo (1.15.0+dfsg1-1+deb10u1) buster; urgency=medium
>> +
>> + * Team upload
>> + * Cleanup improper regex usage (Closes: #952771, 2019, 10785)
> ^^^^^^^^^^^
> Did you mean CVE-2019-10785 here?
>
> Regards,
> Salvatore
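Review bot: In the last added changelog line, "(Closes: #952771, 2019, 10785)" lists 2019 and 10785 as further bug numbers after #952771, so the entry names two unrelated bugs for closing and the CVE identifier no longer appears anywhere in it. Suggest "(Closes: #952771, CVE-2019-10785)" so that only #952771 is closed and the CVE id is recorded intact for the security tracker and anyone reading the changelog.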
Oops, sorry, Gbp-Dch misinterpreted my commit. Yes, this closes CVE-2019-10785.
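The bug class named in the report (an encoder that escapes only the first occurrence of each character) shown beside a version that escapes every occurrence. This is an added example, not dojo's code or the upstream patch; the function names and the sample string are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not dojo's API.
const ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;",
};

// Flawed pattern: String.prototype.replace with a *string* pattern
// substitutes only the first match, so later occurrences stay raw.
function encodeFirstOnly(str) {
  return str
    .replace("&", "&amp;") // ampersand first, so entities are not re-encoded
    .replace("<", "&lt;")
    .replace(">", "&gt;")
    .replace('"', "&quot;")
    .replace("'", "&apos;");
}

// Corrected pattern: a single pass with a global regex encodes
// every occurrence of every markup-significant character.
function encodeAll(str) {
  return str.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Regression check for an encoder's output: true if any
// markup-significant character other than "&" survived unencoded.
function hasRawMarkup(encoded) {
  return /[<>"']/.test(encoded);
}

// Constructed sample input: benign markup with repeated characters.
const sample = '<b title="x">one</b><b title="y">two</b>';

console.log(encodeFirstOnly(sample)); // second tag is still live markup
console.log(encodeAll(sample));       // fully inert text
console.log(hasRawMarkup(encodeFirstOnly(sample)), hasRawMarkup(encodeAll(sample)));
```

A check like `hasRawMarkup` over inputs that repeat each special character is the regression test that catches this defect; single-occurrence test strings pass with either encoder.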