Your message dated Tue, 22 Apr 2025 10:04:25 +0000
with message-id <e1u7aul-007mrc...@fasolo.debian.org>
and subject line Bug#1055612: fixed in libjs-bootbox 6.0.3~ds-1
has caused the Debian Bug report #1055612,
regarding libjs-bootbox: CVE-2023-46998
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1055612: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055612
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libjs-bootbox
Version: 5.5.3~ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/bootboxjs/bootbox/issues/661
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libjs-bootbox.
CVE-2023-46998[0]:
| Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2
| through 6.0 allows a remote attacker to execute arbitrary code via a
| crafted payload to alert(), confirm(), prompt() functions.
At time of writing, there is no upstream fix for this issue. Cf. as
well [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-46998
https://www.cve.org/CVERecord?id=CVE-2023-46998
[1] https://github.com/bootboxjs/bootbox/issues/661
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libjs-bootbox
Source-Version: 6.0.3~ds-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libjs-bootbox, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1055...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated libjs-bootbox package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Apr 2025 11:48:15 +0200
Source: libjs-bootbox
Architecture: source
Version: 6.0.3~ds-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1055612
Changes:
libjs-bootbox (6.0.3~ds-1) experimental; urgency=medium
.
* Team upload
* Declare compliance with policy 4.7.2 (Closes: #1055612, CVE-2023-46998)
* New upstream version 6.0.3~ds
* Drop patch
* Simplify build using grunt
Checksums-Sha1:
35d5c533a177de8ef5385e61cdf707b289179897 2144 libjs-bootbox_6.0.3~ds-1.dsc
a456e7432d450e0eeb5c9ab4fc0705d1c5723ffd 98464
libjs-bootbox_6.0.3~ds.orig.tar.xz
29088dc3b5581f1c1e5d17c70a7f04bdf3c5328b 5224
libjs-bootbox_6.0.3~ds-1.debian.tar.xz
Checksums-Sha256:
e85b037ae16cfebb6dcb33eb3f48efd39f3c04b68467d395b1f7d08cc65986e6 2144
libjs-bootbox_6.0.3~ds-1.dsc
a9923ca1706e6799c93b055bbcfb534c70cd6ea26eb8d7425896b29332ffb9ac 98464
libjs-bootbox_6.0.3~ds.orig.tar.xz
0ede7d8cff7fb103c79ab4496407a5607cbb33d191f77433285e18ea55816ff2 5224
libjs-bootbox_6.0.3~ds-1.debian.tar.xz
Files:
63705677b1e2fb9b03fb68f8edcfbc5e 2144 javascript optional
libjs-bootbox_6.0.3~ds-1.dsc
ce526bcc8ce281efa2a24edcd7ec1c9c 98464 javascript optional
libjs-bootbox_6.0.3~ds.orig.tar.xz
638a1f65df1b3a5b829c72dea5148088 5224 javascript optional
libjs-bootbox_6.0.3~ds-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmgHZikACgkQ9tdMp8mZ
7ulo4Q/+Kv+hiPirrdrhpDJnpU6wksZPxcE7O6r6tSBr5pClyDcljUdnOW5oWjei
UP43Uv3RlERzjqk4D2Wj+50+yyWvlf7eiP32bRchGk+DgZZFAs3PDLo8JZmJekMz
380SLtHLA4j4A9eYLPBW3lGnaFE+MiIM4KMjiDr9rqb47SmbNplC80+CPiJKGuEi
EGEpH4GqVi6M1yiLh1tWybjBxvEmZeDtbzvZPeCyOX+4/SsjIqZfkA2AyU9P1dcL
3j0lg7E0Nz3vlVQgy4dtuCQdW67/6pK9ob30eg3eXwmYf6PMmiXfpOyuVRTR92gY
bd0lQmX/0NCrWTtLfKdMz7jiV+cHNAAKlutq5J/b1lRpA0Jf4MwJ9JaYLrgRAWd8
ORKRzccBJ5nM42/W1Rmcd0Z6CJEmJrw1H5Q3iDX2O57I67S0rTCgN/FIcg96y6FF
4Eg7nO554EqQusv9Xe2+jJBj9kH8vd/walcT6PX65cWBXo0dqCu2Q4MSbqPr5bFr
T0ej4gvEbarH8AkDTXHrqWpxKwP2VWwHPpSC1eTgoCbbLYFIlauYd4+TV0D3Ivbe
YusJGSUYQlPflk8ofTyGWKJ2vsPErmO8fxQwcW4/OwlVywwrVtQymWPyhjgfvODg
nxVvPYYvZgYv9tI5XEeYbkwSxblemnQzJ2r3exiPvD7gFKuHDiI=
=SQt9
-----END PGP SIGNATURE-----
pgpqgDYQN0cHM.pgp
Description: PGP signature
--- End Message ---
