Your message dated Fri, 21 Aug 2020 21:19:35 +0000
with message-id <e1k9erj-0009jc...@fasolo.debian.org>
and subject line Bug#968094: fixed in node-prismjs 1.11.0+dfsg-4
has caused the Debian Bug report #968094,
regarding node-prismjs: CVE-2020-15138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
968094: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968094
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-prismjs
Version: 1.11.0+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-prismjs.

CVE-2020-15138[0]:
| Prism is vulnerable to Cross-Site Scripting. The easing preview of the
| Previewers plugin has an XSS vulnerability that allows attackers to
| execute arbitrary code in Safari and Internet Explorer. This impacts
| all Safari and Internet Explorer users of Prism >=v1.1.0 that use
| the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_
| plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To
| work around the issue without upgrading, disable the easing preview on
| all impacted code blocks. You need Prism v1.10.0 or newer to apply
| this workaround.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15138
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138
[1] https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
[2] https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-prismjs
Source-Version: 1.11.0+dfsg-4
Done: Xavier Guimard <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-prismjs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 968...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-prismjs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Aug 2020 23:00:34 +0200
Source: node-prismjs
Architecture: source
Version: 1.11.0+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 968094
Changes:
 node-prismjs (1.11.0+dfsg-4) unstable; urgency=medium
 .
   * Team upload
   * Fix XSS vulnerability (Closes: 968094, CVE-2020-15138)
   * Bump debhelper compatibility level to 13
   * Add "Rules-Requires-Root: no"
   * Add debian/gbp.conf
   * Add upstream/metadata
   * Use pkg-js auto test & install
   * Update copyright format url


--- End Message ---