Your message dated Tue, 15 Oct 2024 13:17:08 +0000
with message-id <e1t0hqc-008zai...@fasolo.debian.org>
and subject line Bug#1084983: fixed in node-dompurify 2.4.1+dfsg+~2.4.0-2
has caused the Debian Bug report #1084983,
regarding node-dompurify: CVE-2024-47875
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1084983: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-dompurify
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for node-dompurify.

CVE-2024-47875[0]:
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for
| HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based
| mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-47875
    https://www.cve.org/CVERecord?id=CVE-2024-47875

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: node-dompurify
Source-Version: 2.4.1+dfsg+~2.4.0-2
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-dompurify, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1084...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-dompurify package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Oct 2024 16:12:19 +0200
Source: node-dompurify
Architecture: source
Version: 2.4.1+dfsg+~2.4.0-2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1084983
Changes:
 node-dompurify (2.4.1+dfsg+~2.4.0-2) bookworm-security; urgency=medium
 .
   * Team upload
   * Fix mXSS issue (Closes: #1084983, CVE-2024-47875)


--- End Message ---