Univention Bugzilla – Bug 49536
dojo 1.12.1: multiple issues (ES 4.3)
Last modified: 2021-06-14 09:55:27 CEST
+++ This bug was initially created as a clone of Bug #49535 +++

The snyk npm monitor currently shows these vulnerabilities for the dojo toolkit:

* unescaped string injection in dojox/Grid/DataGrid (CVE-2018-15494)
  https://access.redhat.com/security/cve/cve-2018-15494
* https://security-tracker.debian.org/tracker/CVE-2018-1000665
  https://access.redhat.com/security/cve/cve-2018-1000665
* https://snyk.io/vuln/npm:dojo:20180818
Resolved: Package imported and copied to extsec4.3 scope
Reopen: Wrong comment above; I mistakenly edited this bug with several others for ES 4.3. We have to wait for the fix in UCS 4.4 / UCS 5 before we can backport dojo in this bug. I fixed the "depends on" bug number.
should be still relevant for UCS 4.4
(In reply to Ingo Steuwer from comment #6)
> should be still relevant for UCS 4.4

no, wrong bug -> still UCS 4.3
Extended security maintenance for UCS 4.3 ended on 31 May 2021. As the dojo update was not yet done in UCS 4.4 (bug 52138), the fix could not be backported to UCS 4.3 extsec.