Your message dated Wed, 31 May 2023 20:57:22 +0200
with message-id <zheykuped0tbi...@eldamar.lan>
and subject line Accepted jquery-minicolors 2.3.5+dfsg-4 (source) into unstable
has caused the Debian Bug report #1031791,
regarding jquery-minicolors: CVE-2021-32850
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1031791: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031791
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: jquery-minicolors
Version: 2.3.5+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for jquery-minicolors.

CVE-2021-32850[0]:
| jQuery MiniColors is a color picker built on jQuery. Prior to version
| 2.3.6, jQuery MiniColors is prone to cross-site scripting when
| handling untrusted color names. This issue is patched in version
| 2.3.6.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32850
    https://www.cve.org/CVERecord?id=CVE-2021-32850
[1] https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin/
[2] https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: jquery-minicolors
Source-Version: 2.3.5+dfsg-4

----- Forwarded message from Debian FTP Masters <ftpmas...@ftp-master.debian.org> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 31 May 2023 16:44:37 +0400
Source: jquery-minicolors
Architecture: source
Version: 2.3.5+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian JavaScript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Changes:
 jquery-minicolors (2.3.5+dfsg-4) unstable; urgency=medium
 .
   * Team upload
   * Declare compliance with policy 4.6.2
   * Fix cross-site scripting issue (Closes: CVE-2021-32850)
Checksums-Sha1:
 67cedb34a3218a1f1088d1edbe30caef7f18f643 2064 jquery-minicolors_2.3.5+dfsg-4.dsc
 155bc5ab18516e9c1813b084ebe19c13efca5818 4840 jquery-minicolors_2.3.5+dfsg-4.debian.tar.xz
Checksums-Sha256:
 cf9934693d1f54670a68fb89ac59dde8c203734cf3e2a4a00f175933741caf62 2064 jquery-minicolors_2.3.5+dfsg-4.dsc
 d0a8a02438629da14daeecdbba9c476a1316fb277c73cc93677313c697356dc7 4840 jquery-minicolors_2.3.5+dfsg-4.debian.tar.xz
Files:
 ac8a8e1f33d14098d25158e13530bd09 2064 javascript optional jquery-minicolors_2.3.5+dfsg-4.dsc
 74d71eede5d66409326b7473c5b165f6 4840 javascript optional jquery-minicolors_2.3.5+dfsg-4.debian.tar.xz


----- End forwarded message -----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
