[Pkg-javascript-devel] Bug#970000: dojo: CVE-2020-4051
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 9 21:10:21 BST 2020
Source: dojo
Version: 1.15.3+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for dojo.
CVE-2020-4051[0]:
| In Dijit before versions 1.11.11, and greater than or equal to 1.12.0
| and less than 1.12.9, and greater than or equal to 1.13.0 and less
| than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7,
| and greater than or equal to 1.15.0 and less than 1.15.4, and greater
| than or equal to 1.16.0 and less than 1.16.3, there is a cross-site
| scripting vulnerability in the Editor's LinkDialog plugin. This has
| been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-4051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4051
[1] https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list