Debian-LTS has issued an advisory on February 29:
https://www.debian.org/lts/security/2020/dla-2127

The issue is fixed upstream in 1.14.5. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 1.14.5
Whiteboard: (none) => MGA7TOO
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory:
========================

Updated dojo package fixes security vulnerability:

dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them (CVE-2019-10785).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10785
https://www.debian.org/lts/security/2020/dla-2127
========================

Updated packages in core/updates_testing:
========================
dojo-1.14.5-1.mga7

from dojo-1.14.5-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Status comment: Fixed upstream in 1.14.5 => (none)
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs
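The flaw named in the advisory above (only the first occurrence of each character gets encoded) is the behaviour of JavaScript's `String.prototype.replace` when it is given a string pattern. The following is an added example, not part of the original thread and not dojo's own source; the function names and the sample input are constructed for illustration.

```javascript
// Added illustration of the bug class behind CVE-2019-10785.
// Function names are hypothetical; this is not the dojox source.
const ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;",
};

// Flawed pattern: replace() with a *string* pattern substitutes only
// the first match, so later metacharacters pass through unencoded.
function xmlEncodeFirstOnly(str) {
  return String(str)
    .replace("&", "&amp;")
    .replace(">", "&gt;")
    .replace("<", "&lt;")
    .replace("'", "&apos;")
    .replace('"', "&quot;");
}

// Corrected pattern: one pass with a global regex encodes every
// occurrence and cannot double-encode the ampersands it just wrote.
function xmlEncodeAll(str) {
  return String(str).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Regression check for an encoder: true if any raw markup character
// or a bare ampersand (not starting a known entity) is still present.
function hasRawMarkup(encoded) {
  return /[<>"']/.test(encoded) ||
         /&(?!(?:amp|lt|gt|quot|apos);)/.test(encoded);
}

// Constructed sample: harmless markup with repeated metacharacters.
const sample = "<b>a</b> & <b>b</b>";

console.log(xmlEncodeFirstOnly(sample)); // second tag survives intact
console.log(xmlEncodeAll(sample));       // every metacharacter encoded
console.log(hasRawMarkup(xmlEncodeFirstOnly(sample)),
            hasRawMarkup(xmlEncodeAll(sample)));
```

A check like `hasRawMarkup` run over an encoder's output on input with repeated metacharacters is a quick way to confirm that the updated package behaves differently from the old one.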
MGA7-64 Plasma on Lenovo B50
No installation issues.
According to the info in MCC, this is web-developer's stuff. There are no previous updates on this.
Googled a bit and found https://dojotoolkit.org/documentation/tutorials/1.10/hello_dojo/index.html but that's still over my head.
Proposing to OK on clean install as we often do with Java tools, unless someone wants to have a go at the example above.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Good enough for me, Herman. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0126.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED