Debian-LTS has issued an advisory on January 29: https://www.debian.org/lts/security/2023/dla-3289 The issues are fixed upstream in 1.16.5 (and possibly 1.14.9): https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
Status comment: (none) => Fixed upstream in 1.16.5
Done for mga8!
CC: (none) => geiger.david68210
dojo-1.16.5-1.mga8 from dojo-1.16.5-1.mga8.src.rpm
Status comment: Fixed upstream in 1.16.5 => (none)Assignee: mageia => qa-bugs
Tested in a VirtualBox Plasma guest. Referring to past updates, bug 26287 and bug 26335, I'm OKing this on the basis of a clean install over the previous version. Validating.
Whiteboard: (none) => MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0039.html
Status: NEW => RESOLVEDResolution: (none) => FIXED