Updated dojo packages fix security vulnerability
Publication date: 06 Mar 2020Modification date: 06 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10785
Description
Updated dojo package fixes security vulnerability: dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them (CVE-2019-10785).
References
SRPMS
7/core
- dojo-1.14.5-1.mga7