[SECURITY] [DLA 2127-1] dojo security update

Sat, 29 Feb 2020 02:59:41 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : dojo
Version        : 1.10.2+dfsg-1+deb8u2
CVE ID         : CVE-2019-10785
Debian Bug     : 952771


dojox was vulnerable to Cross-site Scripting. This was due
to dojox.xmpp.util.xmlEncode only encoding the first occurrence of
each character, not all of them.

For Debian 8 "Jessie", this problem has been fixed in version
1.10.2+dfsg-1+deb8u2.

We recommend that you upgrade your dojo packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5aQ9MACgkQgj6WdgbD
S5YB0w//fZn+KgnUzq6J+uVqOBRkvN+Rf6qmor57B4M5k7Enz9WsF+lgi4QzZEUa
smEWK/n+ndQZmBHuPYHKDQZdm5D7sMZPW1x/BkfIxs1T9lP/t5t+luFheaTr0VGa
/gaGSCQRshoge5l+WpTgkyUxrYRk5eR16o+qYRrliBwYSRz3f+YfyOcxU1+f+gq2
mwBQspmwHDS1Np5pS/Xk7IaL/m8jlUCT+lTQZPassQslRMS9NptXQQb3YUgLLbpy
5dWXv9zpbttLy41GNDCrCBZ8XYuFJPuGcb4qdTuNVlYZ+rEtno4LvEhP9THvwLRa
JVqf2ucmW5ySfjjs2NGOTjdmNp25zQneHvtxEgGhqkEYXlEaHZcGYva0HGpG6WIK
NmV+CjmRmY+daJzRMsngaBsq+ZD5LWby1hIaV0O6yQeQruP1Cm08nHTLuCL5m9oi
Y+6fY9pJ4LLOGfPlms1S8Jv+P3gHfVpLvuevqB44yIEGcsANWtAT9xi+NM6QudIr
X7trIfMQGeTCPO+SNbn7u2CZk6849CZjsQW4k0HcI7g6oJqy56NqBt5HY9SQAYdo
wznfZb7TR4as0qL/WRMxLEP5YvmhGa3G3sLHbyVcTTYfIIRq22TjRLONSeRsvMwU
Fj6QNyf0EYCjOkj5iyOg+N0gmBbzKCVjX/SAvoYjKNKdGIYtzk8=
=XLAw
-----END PGP SIGNATURE-----

Reply via email to