[SECURITY] [DLA 2503-1] node-ini security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2503-1] node-ini security update
From: "Chris Lamb" <lamby@debian.org>
Date: Mon, 21 Dec 2020 15:01:05 +0000
Message-id: <[🔎] 160856254788.579163.5004860242027945964@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2503-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
December 21, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-ini
Version        : 1.1.0-1+deb9u1
CVE ID         : CVE-2020-7788
Debian Bug     : #977718

It was discovered that there was an issue in node-ini, a .ini format
parser and serializer for Node.js, where an application could be
exploited by a malicious input file.

For Debian 9 "Stretch", this problem has been fixed in version
1.1.0-1+deb9u1.

We recommend that you upgrade your node-ini packages.

For the detailed security status of node-ini please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-ini

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl/gt3AACgkQHpU+J9Qx
HljLCg/8D6S/XgMTo80cePZY0c+m93pWRFhy2Q8PxtFlhxVamujpmxV/n8gdBS7H
+QhshojXCb2Kl+g+LDVL779+BUxn5MNoHSbT0hyvPIxK76QnNragSjhOASDm2Ki1
OFata+uqIUWtrD8HUmQz+OE6Dqg7+617IWt3TzGUzsR3i3PT+F2NO2IVuOzIWucc
VWIV2728V7kelkYxMeV2g36YPmMKEY/v8gwIB80aXUXJqAnvYkH1DJh1uWMWBZMJ
zyZManUii0FbAXXPnjiRc39Mmv3MjIuI06qWECjs/DDL5kol4gmHrygZmfWDeyYe
d5a3g4ORtAK/LW/fJnD3KuP8oggRDp4nBnx2ukSNT0pN9tVM9AB/d6Rli/HhH68z
kwL41l/xuQkSKpepCRNYDzClZjtik9qBAgfuJvQVtU9WeXhFnZ5q2Hl8Paqc/dHz
kNslkmxWIUwm5WoMnUDwpgZlB0+4LLBIq2I09bOzpwCn7T0vjv3n+cdLLkgWCIbE
moVio0MKbnNGA9BDgzMajLKmjSLU/02gfeMJGkqWAJAfk/t3le7GT7RAoMgZlbyJ
pmJCXjIGutAL21LDW39aWGN+xgmzlZcsWktrEv3DbnEjjL2uQU7NBRJqgOws6dbv
YMbQw3IC9kIin4/wMevSikJV+aPElpnnL0N6Mx+Fj3alfGmgTAk=
=U6fv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2502-1] postsrsd security update
Next by Date: [SECURITY] [DLA 2412-2] openjdk-8 regression update
Previous by thread: [SECURITY] [DLA 2502-1] postsrsd security update
Next by thread: [SECURITY] [DLA 2412-2] openjdk-8 regression update
Index(es):
- Date
- Thread