Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

update uglifier gem for fixing a security issue (OSVDB-126747) #292

Merged
merged 1 commit into from
Aug 27, 2015
Merged

update uglifier gem for fixing a security issue (OSVDB-126747) #292

merged 1 commit into from
Aug 27, 2015

Conversation

jordimassaguerpla
Copy link
Member

It was discovered that the upstream library for uglifier Gem for Ruby,
UglifyJS, versions 2.4.23 and earlier, was affected by a vulnerability
which allows a specially crafted JavaScript file to have altered
functionality after minification. This bug was demonstrated to allow
potentially malicious code to be hidden within secure code, activated
by minification.

References:

mishoo/UglifyJS#751
https://zyan.scripts.mit.edu/blog/backdooring-js/

@jordimassaguerpla
update uglifier gem for fixing a security issue (OSVDB-126747)
49bf197 
It was discovered that the upstream library for uglifier Gem for Ruby,
UglifyJS, versions 2.4.23 and earlier, was affected by a vulnerability
which allows a specially crafted JavaScript file to have altered
functionality after minification. This bug was demonstrated to allow
potentially malicious code to be hidden within secure code, activated
by minification.

References:

mishoo/UglifyJS#751
https://zyan.scripts.mit.edu/blog/backdooring-js/
mssola added a commit that referenced this pull request Aug 27, 2015
@mssola
Merge pull request #292 from jordimassaguerpla/master
4a0f402 
update uglifier gem for fixing a security issue (OSVDB-126747)
@mssola mssola merged commit 4a0f402 into SUSE:master Aug 27, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jordimassaguerpla @mssola