[From nobody Sun Apr 5 20:51:05 2026 Received: (at 1125184-close) by bugs.debian.org; 5 Apr 2026 19:48:39 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-113.1 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FVGT_m_MULTI_ODD,HAS_BUG_NUMBER, MD5_SHA1_SUM,PGPSIGNATURE,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_NONE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 12; hammy, 150; neutral, 204; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from mitropoulos.debian.org ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:52772) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1w9TSZ-00GF8r-1z for 1125184-close@bugs.debian.org; Sun, 05 Apr 2026 19:48:39 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mitropoulos.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1w9TSW-00CZE6-2N for 1125184-close@bugs.debian.org; Sun, 05 Apr 2026 19:48:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=dlKeWhRnUL/L3WdpeAwosr+oqJ5MKkFEmn2NN2X9TpM=; b=S6owOylhDRV6zkc/5WhT0Elp5j 7U1c+uzZDlye/RvN4q6T7tuRxv+ZI25T4oXoMDMafBbAX8ztr0QVEIqCFDVR0+v/MB8qbP1pfnpAq vNQtoEy80i4trwsl6aCuabgdJyFreAMu5JLNp5RT8k5eaRWnVkkTszBB2IhI0FBJbXMHyTk87UGRF PvxKtR1tOR2MMNxP+bBB1hDvG/D9weFDw6Wyn7VDeKdm6ArypF8f8w/RPpvghcI99wn5dvGQyFx2K UqUqlamw4ftn6Asrk3o++K+AE/+a+3rAfXGeG1j3hxrtyiokfAGivKJ6DLkyx5UxICO4ul73pQmL9 ieBs5sMg==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1w9TSV-0000000El7I-2Cc2; Sun, 05 Apr 2026 19:48:35 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Xavier Guimard <yadd@debian.org> To: 1125184-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: vega.js Debian: DAK Debian-Changes: vega.js_5.33.1+ds+~cs5.3.0-4_sourceonly.changes Debian-Source: vega.js Debian-Version: 5.33.1+ds+~cs5.3.0-4 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1125184: fixed in vega.js 5.33.1+ds+~cs5.3.0-4 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============3253232440804758926==" Message-Id: <E1w9TSV-0000000El7I-2Cc2@fasolo.debian.org> Date: Sun, 05 Apr 2026 19:48:35 +0000 --===============3253232440804758926== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: vega.js Source-Version: 5.33.1+ds+~cs5.3.0-4 Done: Xavier Guimard <yadd@debian.org> We believe that the bug you reported is fixed in the latest version of vega.js, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1125184@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Xavier Guimard <yadd@debian.org> (supplier of updated vega.js package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Apr 2026 21:24:58 +0200 Source: vega.js Architecture: source Version: 5.33.1+ds+~cs5.3.0-4 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.= debian.org> Changed-By: Xavier Guimard <yadd@debian.org> Closes: 1125183 1125184 Changes: vega.js (5.33.1+ds+~cs5.3.0-4) unstable; urgency=3Dmedium . * Fix XSS in vega-interpreter (Closes: #1125183, CVE-2025-59840) * Fix XSS in vega-selections (Closes: #1125184, CVE-2025-65110) Checksums-Sha1:=20 f6779659aa4118840c36342b73afb443b4ff3a18 3477 vega.js_5.33.1+ds+~cs5.3.0-4.d= sc 2d8bcf1d1d4945563b45aa3e0bf345ebb9b979c2 10380 vega.js_5.33.1+ds+~cs5.3.0-4.= debian.tar.xz Checksums-Sha256:=20 01f299ed8b1229fe3378a7adc143771c19285fee0f550a79cc0afdd5159e6fdb 3477 vega.j= s_5.33.1+ds+~cs5.3.0-4.dsc 2bb96aff6fe8a70517df5f151acfe4a7360207cc23b66107717ce939b012cdf6 10380 vega.= js_5.33.1+ds+~cs5.3.0-4.debian.tar.xz Files:=20 0d0eb3ce0aafea73f82f3ff295629dd3 3477 javascript optional vega.js_5.33.1+ds+= ~cs5.3.0-4.dsc 0bda13351a9ab695f2e5ff3ddde0828c 10380 javascript optional vega.js_5.33.1+ds= +~cs5.3.0-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmnSt8EACgkQ9tdMp8mZ 7ukowA/7BaNBNN27d6zLVoxl4cZaoSlhWLuzq4E8+vXYU14FYd1Plnv4f6gbRdgp LXK6Vw8bujZzOSwZs+WuXWYUuRLienF7QflQbHPHA74J0+fRqcSP/qj1BW25I/rH WsdWBVtHVDmk2ZL/2oK3dk3nVW3QHDAnZXI1T1axJZiFBEzzhVuJg9FRdgBhVE8F NKa6pegZIxqJp1RmERNTpt9ekd/MObPIH2DkA6ZB2Jk9ezoR7gHqpE1vp038Cli0 kw5iQ5Ah6owfkTAp4d+aQjpIvDUD3OJiX3upuqGE5qfwaJOjQp2UC/2YM8moIWiX NyM5675g9oOZ17XlTRfViQ9HcjntfHIZIaj51FNomK44xAURRcHSuU6DYXVPJ7zN SwpGEWSOpc+lriPjE8RjEhg3k/16RjFZgcRWFON1FLqvqGuyyZCu76VEYu8meVT5 vcZvpp1vELSXdpufDYTR9tQmpszZXktwu8ao4K6SDBZG2pMGFcVAl1WuJXBZTxNk 8DsL+Kp6ISUnyV8JlW7y+9H9LwE2Mm9VH1zRSMPTZHTQZXIFjFym13jlAQGoj1Mw 45qKpjG6GU/j5klafBaWyqIXVhB3Qn8rKn3L0FpPiX6Fch1RUgjGMmXonud3jrN+ +NthgKIFcGp2LGDiIIEhUDwGztXC9vG+V+Mn2lyy0SEoS0/apKQ=3D =3DYvKM -----END PGP SIGNATURE----- --===============3253232440804758926== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCadK8kwAKCRCb9qggYcy5 IZqmAQCaavau7/qpl+yRuI4RObhpWZ+djaKRueI9CHRNsHns8wD+PMx+oM9s4ucL SGZ0K2xxlS7jBSsi9zqKuTsC1xDRwQw= =j/vs -----END PGP SIGNATURE----- --===============3253232440804758926==-- ]