Your message dated Tue, 23 Apr 2019 16:33:28 +0000
with message-id <e1hiymk-000grr...@fasolo.debian.org>
and subject line Bug#927466: fixed in node-jquery 2.2.4+dfsg-4
has caused the Debian Bug report #927466,
regarding node-jquery: CVE-2019-11358: Prototype Pollution vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
927466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jquery
Version: 3.3.1~dfsg-1
Severity: grave
Tags: patch security upstream fixed-upstream
Justification: user security hole
Control: found -1 3.1.1-2
Hi

A prototype pollution vulnerability (so far no CVE) has been fixed in
jQuery 3.4.0:

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Patches: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
https://snyk.io/vuln/SNYK-JS-JQUERY-174006

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-jquery
Source-Version: 2.2.4+dfsg-4
We believe that the bug you reported is fixed in the latest version of
node-jquery, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 927...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-jquery package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Apr 2019 18:12:00 +0200
Source: node-jquery
Architecture: source
Version: 2.2.4+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Xavier Guimard <y...@debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 886001 927466
Changes:
 node-jquery (2.2.4+dfsg-4) unstable; urgency=medium
 .
   * Team upload
   * Add upstream/metadata
   * Add homepage
   * Upgrade links to https
   * Fix prototype pollution vulnerability (Closes: #927466, CVE-2019-11358)
   * Add patch to make the build reproducible. Thanks to Chris Lamb
     (Closes: #886001)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel