Your message dated Wed, 29 Sep 2021 08:33:57 +0000
with message-id <[email protected]>
and subject line Bug#995229: fixed in datatables.js 1.10.21+dfsg-3
has caused the Debian Bug report #995229,
regarding datatables.js: CVE-2021-23445 - contents of array not escaped by HTML
escape entities function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
995229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995229
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: datatables.js
Version: 1.10.21+dfsg-2
Severity: important
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for datatables.js.
CVE-2021-23445[0]:
| This affects the package datatables.net before 1.11.3. If an array is
| passed to the HTML escape entities function it would not have its
| contents escaped.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-23445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23445
Please adjust the affected versions in the BTS as needed.
See also
https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-1-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
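An added example (not part of the bug report and not the DataTables source) of the failure mode CVE-2021-23445 describes: an escape helper that only handles strings returns an array untouched, and its markup survives when the array is later coerced to a string. The function names and the sample cell are constructed for illustration; joining the array before escaping is one way to close the gap.

```javascript
// Added illustration of the CVE-2021-23445 bug class; function names are
// hypothetical and this is not the DataTables source.

// Weak form: only strings are escaped, every other type is returned unchanged.
function escapeStringsOnly(d) {
  return typeof d === 'string'
    ? d.replace(/&/g, '&amp;').replace(/</g, '&lt;')
       .replace(/>/g, '&gt;').replace(/"/g, '&quot;')
    : d;
}

// Hardened form: arrays are flattened to the same comma-joined string that
// string coercion would produce, then escaped like any other string.
function escapeWithArrays(d) {
  if (Array.isArray(d)) {
    d = d.join(',');
  }
  return escapeStringsOnly(d);
}

// Stand-in for a table renderer that writes cell data into markup.
// String concatenation coerces an array with Array.prototype.toString().
function renderCell(escapeFn, data) {
  return '<td>' + escapeFn(data) + '</td>';
}

// Constructed sample: a cell whose data is an array, e.g. a list of tags.
const sampleCell = ['alpha', '<b>beta</b>'];

function demo() {
  return {
    weak: renderCell(escapeStringsOnly, sampleCell),
    hardened: renderCell(escapeWithArrays, sampleCell),
    // Nested arrays are flattened by join(), so they are covered as well.
    nested: renderCell(escapeWithArrays, [['<i>x</i>'], 'y']),
    // Non-string scalars still pass through untouched.
    number: renderCell(escapeWithArrays, 42),
  };
}

console.log(demo());
```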
--- Begin Message ---
Source: datatables.js
Source-Version: 1.10.21+dfsg-3
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
datatables.js, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated datatables.js package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Sep 2021 10:15:24 +0200
Source: datatables.js
Architecture: source
Version: 1.10.21+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 995229
Changes:
datatables.js (1.10.21+dfsg-3) unstable; urgency=medium
.
* Team upload
.
[ lintian-brush ]
* Trim trailing whitespace.
* Use secure URI in Homepage field.
* Bump debhelper from old 12 to 13.
* Set upstream metadata fields: Bug-Database, Repository, Repository-Browse.
* Update standards version to 4.6.0, no changes needed.
.
[ Yadd ]
* Fix: If an array was passed to the HTML escape entities function it would
not have its contents escaped (Closes: #995229, CVE-2021-23445)
* Add "Rules-Requires-Root: no"
* Change section to javascript
* Add debian/gbp.conf
* Modernize debian/watch
* Use "Expat" license name instead of MIT
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel