Subject: List for people interested in developing and using Sympa packages
[packagers@sympa] CVE-2021-32850 / CVE-2021-4243: XSS in jquery-minicolors
- From: IKEDA Soji <address@concealed>
- To: address@concealed
- Subject: [packagers@sympa] CVE-2021-32850 / CVE-2021-4243: XSS in jquery-minicolors
- Date: Tue, 21 Feb 2023 10:16:37 +0900
Hi packagers,
CVE-2021-32850 was disclosed (it looks like a duplicate of CVE-2021-4243), and it has been fixed upstream: See also
https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin/
It is planned that the next release of Sympa will ship with a fixed version of jquery-minicolors: See also
https://github.com/sympa-community/sympa/pull/1562
However, separate action is required for packages that do not use the one shipped with Sympa, e.g. Debian.
Regards,
-- Soji
--
Conversion Co., Ltd.
IT Solutions Department, System Solutions Group 1, IKEDA Soji
e-mail address@concealed
https://www.conversion.co.jp/