Google Git
Sign in
android-kvm / buildroot / b0f825f4488ee7d78b3ea77c4bc2343da3a84ea9
commitb0f825f4488ee7d78b3ea77c4bc2343da3a84ea9[log] [tgz]
authorFabrice Fontaine <fontaine.fabrice@gmail.com>Sat Jul 23 22:10:14 2022 +0200
committerArnout Vandecappelle (Essensium/Mind) <arnout@mind.be>Sun Jul 24 10:58:26 2022 +0200
tree10c53976a1ef25e8fee099b004c4306165bdebca
parentff3b5ca2c11bae44a5410da6f8630fff1971c063 [diff]
package/jquery-validation: security bump to version 1.19.5

- Fix CVE-2021-43306: An exponential ReDoS (Regular Expression Denial
  of Service) can be triggered in the jquery-validation npm package,
  when an attacker is able to supply arbitrary input to the url2 method
- Fix CVE-2022-31147: The jQuery Validation Plugin (jquery-validation)
  provides drop-in validation for forms. Versions of jquery-validation
  prior to 1.19.5 are vulnerable to regular expression denial of service
  (ReDoS) when an attacker is able to supply arbitrary input to the url2
  method. This is due to an incomplete fix for CVE-2021-43306. Users
  should upgrade to version 1.19.5 to receive a patch.
- Use LICENSE.md instead of README.md which is available since version
  1.14.0 and
  https://github.com/jquery-validation/jquery-validation/commit/96b7036eb45375eb4861082d8ca442d94a9c666c

https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.4
https://github.com/jquery-validation/jquery-validation/releases/tag/1.19.5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2 files changed
tree: 10c53976a1ef25e8fee099b004c4306165bdebca
  1. arch/
  2. board/
  3. boot/
  4. configs/
  5. docs/
  6. fs/
  7. linux/
  8. package/
  9. support/
  10. system/
  11. toolchain/
  12. utils/
  13. .clang-format
  14. .defconfig
  15. .flake8
  16. .gitignore
  17. .gitlab-ci.yml
  18. CHANGES
  19. Config.in
  20. Config.in.legacy
  21. COPYING
  22. DEVELOPERS
  23. Makefile
  24. Makefile.legacy
  25. README