Univention Bugzilla – Bug 49369
jquery: Multiple issues (4.3)
Last modified: 2019-05-02 12:35:06 CEST
New Debian jquery 3.1.1-2+deb9u1 fixes:

This update addresses the following issue:
* prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/jquery_3.1.1-2.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/jquery_3.1.1-2+deb9u1.dsc @@ -1,3 +1,11 @@ +3.1.1-2+deb9u1 [Thu, 18 Apr 2019 22:57:29 +0200] Xavier Guimard <yadd@debian.org>: + + * Team upload + * Add patch to prevent Object.prototype pollution + (Closes: #927385, CVE-2019-11358) + * Disable check-against-upstream-build test (autopkgtest) since file is now + patched + 3.1.1-2 [Sun, 11 Dec 2016 13:18:53 -0200] Antonio Terceiro <terceiro@debian.org>: * debian/rules: adapt path to r.js after a change in nodejs-requirejs <http://10.200.17.11/4.3-4/#8565257101314450818>
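Review bot: the new 3.1.1-2+deb9u1 changelog entry disables the check-against-upstream-build autopkgtest "since file is now patched" without stating what replaces it, so nothing visible here verifies the patched file automatically. Consider adding an autopkgtest that exercises the Object.prototype pollution fix (CVE-2019-11358) in place of the disabled check. The "Add patch to prevent Object.prototype pollution" line should also name the patch file so the change can be traced from the changelog.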
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] c76e3f0a85 Bug #49369: jquery 3.1.1-2+deb9u1
 doc/errata/staging/jquery.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.3-4] 6003fc1d0b Bug #49369: jquery 3.1.1-2+deb9u1
 doc/errata/staging/jquery.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/486.html>