Your message dated Wed, 05 Sep 2018 13:19:45 +0000
with message-id <[email protected]>
and subject line Bug#906540: fixed in dojo 1.14.1+dfsg1-1
has caused the Debian Bug report #906540,
regarding dojo: CVE-2018-15494
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
906540: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906540
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dojo
Version: 1.13.0+dfsg1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/dojo/dojox/pull/283
Hi,
The following vulnerability was published for dojo.
CVE-2018-15494[0]:
| In Dojo Toolkit before 1.14, there is unescaped string injection in
| dojox/Grid/DataGrid.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-15494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15494
[1] https://github.com/dojo/dojox/pull/283
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dojo
Source-Version: 1.14.1+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
dojo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated dojo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 05 Sep 2018 14:59:53 +0200
Source: dojo
Binary: libjs-dojo-core libjs-dojo-dijit libjs-dojo-dojox shrinksafe
Architecture: source
Version: 1.14.1+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Description:
libjs-dojo-core - modular JavaScript toolkit
libjs-dojo-dijit - modular JavaScript toolkit - Dijit
libjs-dojo-dojox - modular JavaScript toolkit - DojoX
shrinksafe - JavaScript compression system
Closes: 906540
Changes:
dojo (1.14.1+dfsg1-1) unstable; urgency=medium
.
* New upstream version.
* Fix CVE-2018-15494 (Closes: #906540):
In Dojo Toolkit before 1.14, there is unescaped string injection in
dojox/Grid/DataGrid.
Checksums-Sha1:
6ae4944de327ffa498050f81704fefcbfb0b5497 2379 dojo_1.14.1+dfsg1-1.dsc
2590f4e114ea934d3e2e8f24cfb331552d552710 33909294 dojo_1.14.1+dfsg1.orig.tar.gz
954a12fbd895fb764742d21dbdb82340bada7b86 14792
dojo_1.14.1+dfsg1-1.debian.tar.xz
a5d61dbdd90f8ce05582f27105f69605576df953 6068
dojo_1.14.1+dfsg1-1_source.buildinfo
Checksums-Sha256:
b96bd4c3319ae88cba0aaf64ff60577f5d363b36ea2e9facdc975d3660b1fb50 2379
dojo_1.14.1+dfsg1-1.dsc
dcc8f8dc252e600a4b404bf339a3f05cecad6ea96c93e3a1587252a1e6e1d83a 33909294
dojo_1.14.1+dfsg1.orig.tar.gz
0c5d9f7b48c1fd9f57292bf8bd6b175672a836bdf5c89291e5ed598b62f72148 14792
dojo_1.14.1+dfsg1-1.debian.tar.xz
cd923f9b4bdfcb05b196b7dc90cb7a1c7ed63c89c1456cb007ca818bd7bf6a38 6068
dojo_1.14.1+dfsg1-1_source.buildinfo
Files:
8a3e54d708a36fc99afa37fb658734f2 2379 javascript optional
dojo_1.14.1+dfsg1-1.dsc
cb7749ba3f71f14e43ca99ae0b853e72 33909294 javascript optional
dojo_1.14.1+dfsg1.orig.tar.gz
696f1c7674033b4f9d136360d9e9f966 14792 javascript optional
dojo_1.14.1+dfsg1-1.debian.tar.xz
621d81e34b1fef0f2e038c1f5ea18174 6068 javascript optional
dojo_1.14.1+dfsg1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAluP1FIACgkQADoaLapB
CF9RGxAAi0SAlIfFJsewwpknk3qUstMdX6LP6rqiFlvpcaF8VLTa/tkDPmk2Jslw
RSfCFfk6e57g3CkkcQ9EeToK4id+t+uL6DgLqqivEFR/xIFa0GiV/gYs9OZ79ava
BzI67w/LaXXgqMjpKh3E5Xo/RXKAdxiCK9a6YFo9X6n+F8JM0ieEvK0QhCSzBqPC
xZHN7204iF8bUBPWoWqbQNbBOWjI7fG0JarLLvDygRWzjZGTqPGDCMI/HclbMUZi
nqyzCNj1lED4Jta4qmkyGyN2/20xwLu5tPha2thvjVvHbWjxGmwj9hWNEKo/YfNL
Uy0YoULZrXdJr7349Bd5qRBqzD9yZG5JqbbbIUxROi9+z1sU1AZnUYPIZHc/7I5P
5NvJ/xaaSU5vCzNzXeWA+F8QiK5Yz7Yz+Q0k2D9nYG9e6yaDa0kIaGz4s5jHcvFo
9cybV6GDeXwB7YQ/8mWBHhZATmhBMphW7a6bGTUVTETUY0WclTS2vHkcDzdUX/7C
Fv7xGTt0IUeTAqOiBLm7g950NaVrnZpPqZRrh4ybqLd/JM1qKVT1Wysf2Xg2c4hj
yMZM8Gx2mqU/0UD65fwenrXei9Fz47uFp/fXCG/6V1FgYWP8gWgi8ohQ+ayLVxJG
+wKx9AukQVlfO7DKBNjFu8Bo1Jfe4iMliOchTt6WTJyr4/OgJDU=
=ejz6
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
