Univention Bugzilla – Bug 53000
jquery: Multiple issues (4.4)
Last modified: 2021-03-31 18:36:53 CEST
New Debian jquery 3.1.1-2+deb9u2 fixes:

This update addresses the following issues:
* Cross-site scripting due to improper in jQuery.htmlPrefilter method (CVE-2020-11022)
* Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/jquery_3.1.1-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/jquery_3.1.1-2+deb9u2.dsc @@ -1,3 +1,11 @@ +3.1.1-2+deb9u2 [Sat, 20 Feb 2021 15:04:37 -0500] Roberto C. Sánchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Team. + * Prevent untrusted code execution when passing untrusted HTML to DOM + manipulation methods. (CVE-2020-11022) + * Prevent untrusted code execution when passing HTML containing <option> + elements to DOM manipulation methods. (CVE-2020-11023) + 3.1.1-2+deb9u1 [Thu, 18 Apr 2019 22:57:29 +0200] Xavier Guimard <yadd@debian.org>: * Team upload <http://piuparts.knut.univention.de/4.4-7/#8565257101311203243>
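Review bot: The two CVE bullets in the new 3.1.1-2+deb9u2 changelog stanza name the issues but not the patch files or upstream commits that were backported, so this diff alone does not show how CVE-2020-11022 and CVE-2020-11023 were fixed on the 3.1.1 code base. Adding the patch names or upstream commit references to each bullet would let QA confirm both fixes against the source package rather than against the changelog text.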
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 35de91820c Bug #53000: jquery 3.1.1-2+deb9u2
 doc/errata/staging/jquery.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x940>