Your message dated Sat, 15 Oct 2022 11:02:08 +0000
with message-id <e1ojevg-005cny...@fasolo.debian.org>
and subject line Bug#1014785: fixed in dojo 1.15.4+dfsg1-1+deb11u1
has caused the Debian Bug report #1014785,
regarding dojo: CVE-2021-23450
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1014785: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014785
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dojo
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for dojo.

CVE-2021-23450[0]:
| All versions of package dojo are vulnerable to Prototype Pollution via
| the setObject function.

https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23450
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23450

Please adjust the affected versions in the BTS as needed.

--- End Message ---
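
What prototype pollution through a dotted-path setter looks like, with a guarded variant beside it. This is an added example, not code from dojo or from the bug report; `setPathUnsafe`, `setPathSafe` and the sample paths are hypothetical and do not claim to reproduce the upstream fix.

```javascript
// Added illustration, not dojo's source: setPathUnsafe and setPathSafe are
// hypothetical stand-ins for a dotted-path setter in the style of setObject.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

// Walks "a.b.c" from root, creating missing objects, then assigns the leaf.
// obj["__proto__"] is never undefined, so the walk steps onto Object.prototype.
function setPathUnsafe(root, path, value) {
  const parts = path.split(".");
  const leaf = parts.pop();
  let obj = root;
  for (const p of parts) {
    if (obj[p] === undefined || obj[p] === null) obj[p] = {};
    obj = obj[p];
  }
  obj[leaf] = value;
}

// Same walk with two guards: reject prototype-reaching segments outright,
// and descend only through the object's own properties.
function setPathSafe(root, path, value) {
  const parts = path.split(".");
  if (parts.some((p) => FORBIDDEN.has(p))) {
    throw new TypeError("refusing prototype-reaching path: " + path);
  }
  const leaf = parts.pop();
  let obj = root;
  for (const p of parts) {
    const own = Object.prototype.hasOwnProperty.call(obj, p);
    if (!own || obj[p] === undefined || obj[p] === null) obj[p] = {};
    obj = obj[p];
  }
  obj[leaf] = value;
}

// Constructed inputs; the polluted key is removed again before returning.
function demo() {
  const out = {};
  setPathUnsafe({}, "__proto__.demoFlag", true);
  out.unsafePolluted = ({}).demoFlag === true; // unrelated object sees the key
  delete Object.prototype.demoFlag;
  try { setPathSafe({}, "__proto__.demoFlag", true); out.safeRejected = false; }
  catch (e) { out.safeRejected = e instanceof TypeError; }
  out.stillClean = !("demoFlag" in {});
  const cfg = {};
  setPathSafe(cfg, "app.theme.name", "dark"); // ordinary nested write still works
  out.normalWrite = cfg.app.theme.name;
  return out;
}
console.log(demo());
```
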
--- Begin Message ---
Source: dojo
Source-Version: 1.15.4+dfsg1-1+deb11u1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
dojo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated dojo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Sep 2022 10:42:57 +0200
Source: dojo
Architecture: source
Version: 1.15.4+dfsg1-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1014785
Changes:
 dojo (1.15.4+dfsg1-1+deb11u1) bullseye; urgency=medium
 .
   * Team upload
   * Fix prototype pollution (Closes: #1014785, CVE-2021-23450)


--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
