Bug 49369 - jquery: Multiple issues (4.3)
jquery: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
: P3 normal (vote)
: UCS 4.3-4-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-29 07:58 CEST by Quality Assurance
Modified: 2019-05-02 12:35 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 5.6 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2019-04-29 07:58:08 CEST
New Debian jquery 3.1.1-2+deb9u1 fixes:
This update addresses the following issue:
* prototype pollution in object's prototype leading to denial of service or  remote code execution or property injection (CVE-2019-11358)
Comment 1 Quality Assurance univentionstaff 2019-04-29 09:00:48 CEST
--- mirror/ftp/4.3/unmaintained/4.3-0/source/jquery_3.1.1-2.dsc
+++ apt/ucs_4.3-0-errata4.3-4/source/jquery_3.1.1-2+deb9u1.dsc
@@ -1,3 +1,11 @@
+3.1.1-2+deb9u1 [Thu, 18 Apr 2019 22:57:29 +0200] Xavier Guimard <yadd@debian.org>:
+
+  * Team upload
+  * Add patch to prevent Object.prototype pollution
+    (Closes: #927385, CVE-2019-11358)
+  * Disable check-against-upstream-build test (autopkgtest) since file is now
+    patched
+
 3.1.1-2 [Sun, 11 Dec 2016 13:18:53 -0200] Antonio Terceiro <terceiro@debian.org>:
 
   * debian/rules: adapt path to r.js after a change in nodejs-requirejs

<http://10.200.17.11/4.3-4/#8565257101314450818>
Comment 2 Philipp Hahn univentionstaff 2019-04-29 14:42:46 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] c76e3f0a85 Bug #49369: jquery 3.1.1-2+deb9u1
 doc/errata/staging/jquery.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.3-4] 6003fc1d0b Bug #49369: jquery 3.1.1-2+deb9u1
 doc/errata/staging/jquery.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
Comment 3 Arvid Requate univentionstaff 2019-05-02 12:35:06 CEST
<http://errata.software-univention.de/ucs/4.3/486.html>