Advisories ยป MGASA-2020-0126

Updated dojo packages fix security vulnerability

Publication date: 06 Mar 2020
Modification date: 06 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10785

Description

Updated dojo package fixes security vulnerability:

dojox was vulnerable to Cross-site Scripting. This was due to
dojox.xmpp.util.xmlEncode only encoding the first occurrence of
each character, not all of them (CVE-2019-10785).
                

References

SRPMS

7/core