Your message dated Sat, 13 Aug 2022 16:05:03 +0000
with message-id <e1omtdh-005af1...@fasolo.debian.org>
and subject line Bug#1014785: fixed in dojo 1.17.2+dfsg1-1
has caused the Debian Bug report #1014785,
regarding dojo: CVE-2021-23450
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1014785: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dojo
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for dojo.
CVE-2021-23450[0]:
| All versions of package dojo are vulnerable to Prototype Pollution via
| the setObject function.
https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
Fixed by:
https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-23450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23450
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: dojo
Source-Version: 1.17.2+dfsg1-1
Done: Bastien Roucariès <ro...@debian.org>
We believe that the bug you reported is fixed in the latest version of
dojo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1014...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated dojo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Aug 2022 11:57:27 +0000
Source: dojo
Architecture: source
Version: 1.17.2+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Closes: 1014785
Changes:
dojo (1.17.2+dfsg1-1) unstable; urgency=medium
.
* New upstream version, fix CVE-2021-23450 (Closes: #1014785).
* Fix lintian warnings
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---