diff --git a/debian/changelog b/debian/changelog
index 1ba807d..0221707 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-prismjs (1.29.0+dfsg+~1.26.0-1deepin1) unstable; urgency=medium
+
+ * Fix CVE-2024-53382: DOM Clobbering vulnerability in currentScript
+ lookup
+
+ -- deepin-ci-robot Wed, 29 Apr 2026 21:04:17 +0800
+
 node-prismjs (1.29.0+dfsg+~1.26.0-1) unstable; urgency=medium
 
 * Team upload
diff --git a/debian/patches/cve_2024_53382.patch b/debian/patches/cve_2024_53382.patch
new file mode 100644
index 0000000..0173111
--- /dev/null
+++ b/debian/patches/cve_2024_53382.patch
@@ -0,0 +1,26 @@
+Index: github-node-prismjs-53382/components/prism-core.js
+===================================================================
+--- github-node-prismjs-53382.orig/components/prism-core.js
++++ github-node-prismjs-53382/components/prism-core.js
+@@ -222,7 +222,7 @@ var Prism = (function (_self) {
+ if (typeof document === 'undefined') {
+ return null;
+ }
+- if ('currentScript' in document && 1 < 2 /* hack to trip TS' flow analysis */) {
++ if (document.currentScript && document.currentScript.tagName === 'SCRIPT' && 1 < 2 /* hack to trip TS' flow analysis */) {
+ return /** @type {any} */ (document.currentScript);
+ }
+
+Index: github-node-prismjs-53382/prism.js
+===================================================================
+--- github-node-prismjs-53382.orig/prism.js
++++ github-node-prismjs-53382/prism.js
+@@ -227,7 +227,7 @@ var Prism = (function (_self) {
+ if (typeof document === 'undefined') {
+ return null;
+ }
+- if ('currentScript' in document && 1 < 2 /* hack to trip TS' flow analysis */) {
++ if (document.currentScript && document.currentScript.tagName === 'SCRIPT' && 1 < 2 /* hack to trip TS' flow analysis */) {
+ return /** @type {any} */ (document.currentScript);
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 0c6545f..2125f5f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
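Review bot: The new `cve_2024_53382.patch` opens directly at `Index:` with no DEP-3 header, so nothing in the package records where the fix came from or why the `tagName === 'SCRIPT'` test is there. A header such as `Description: only trust document.currentScript when it is a real SCRIPT element (DOM clobbering, CVE-2024-53382)` followed by `Origin: upstream, <UPSTREAM_COMMIT_URL>` would make the change auditable against upstream. The patch touches only `components/prism-core.js` and `prism.js`; if the binary package also ships minified copies of the core that are not regenerated from these sources at build time, they would keep the old `'currentScript' in document` check, which is worth confirming. Both inner hunks show only part of the enclosing function, so the fallback path taken when the new condition is false is not visible here.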
@@ -1 +1,2 @@
 drop-prettier-in-test.patch
+cve_2024_53382.patch