Univention Bugzilla – Bug 49372
jquery: Multiple issues (4.4)
Last modified: 2019-05-02 13:22:28 CEST
New Debian jquery 3.1.1-2+deb9u1 fixes:

This update addresses the following issue:
* prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/jquery_3.1.1-2.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/jquery_3.1.1-2+deb9u1.dsc @@ -1,3 +1,11 @@ +3.1.1-2+deb9u1 [Thu, 18 Apr 2019 22:57:29 +0200] Xavier Guimard <yadd@debian.org>: + + * Team upload + * Add patch to prevent Object.prototype pollution + (Closes: #927385, CVE-2019-11358) + * Disable check-against-upstream-build test (autopkgtest) since file is now + patched + 3.1.1-2 [Sun, 11 Dec 2016 13:18:53 -0200] Antonio Terceiro <terceiro@debian.org>: * debian/rules: adapt path to r.js after a change in nodejs-requirejs <http://10.200.17.11/4.4-0/#8565257101314450818>
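Review bot: the 3.1.1-2+deb9u1 changelog entry disables the check-against-upstream-build autopkgtest outright "since file is now patched", and the visible entry names no test that replaces it. Consider adding an autopkgtest that exercises the Object.prototype pollution fix (CVE-2019-11358), so the patched file keeps some automated coverage. The entry also says only "Add patch" without naming the patch file; naming it in the changelog line would make the fix easier to audit against the upstream change.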
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-0] 01712f5660 Bug #49372: jquery 3.1.1-2+deb9u1
 doc/errata/staging/jquery.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-0] e2777841f1 Bug #49372: jquery 3.1.1-2+deb9u1
 doc/errata/staging/jquery.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.4/63.html>