[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Mark dojo minor issue in wheezy

Brian May bam at debian.org
Wed Feb 7 06:54:41 UTC 2018


Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c92cd284 by Brian May at 2018-02-07T17:52:29+11:00
Mark dojo minor issue in wheezy

Sanitization of HTML needs to happen server side, not client side.
Hence I don't consider this bug a security issue.  See
https://lists.debian.org/debian-lts/2018/02/msg00019.html for full
explanation.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -575,6 +575,7 @@ CVE-2018-6562
 	RESERVED
 CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute ...)
 	- dojo <unfixed>
+	[wheezy] - dojo <no-dsa> (Minor issue)
 	NOTE: https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
 CVE-2018-6560 (In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and ...)
 	- flatpak 0.10.3-1 (bug #888842)
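
Review bot: The added `[wheezy] - dojo <no-dsa> (Minor issue)` line gives no rationale in the tracker itself; the reasoning (HTML sanitization belongs server side) and the debian-lts link exist only in the commit message. Consider adding a NOTE line under the CVE-2018-6561 entry pointing to https://lists.debian.org/debian-lts/2018/02/msg00019.html, next to the existing NOTE, so that anyone reading data/CVE/list sees why the issue was triaged as no-dsa without digging through the commit history.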


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -12,8 +12,6 @@ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
 --
 clamav (Thorsten Alteholz)
 --
-dojo
---
 dovecot (Thorsten Alteholz)
   NOTE: after applying the patch, login segfaults
   NOTE: maintainer and security team are looking into this
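
Review bot: The removed `dojo` entry had no claimant and no NOTE naming the CVE that put it on the list, so this hunk alone cannot confirm that CVE-2018-6561 was the only reason dojo was in dla-needed.txt. Before dropping it, check that no other open wheezy issue for dojo still needs a DLA; if one does, keep the entry and add a NOTE naming it.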



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c92cd28471b90afd554ace9f48fb85b906ce8fdf
