[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2511-1] highlight.js security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2511-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
December 30, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : highlight.js
Version        : 8.2+ds-5+deb9u1
CVE ID         : CVE-2020-26237


An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user provided data it might be affected by a Prototype Pollution. This might result in strange behavior or crashes of applications that do not correctly handle unknown properties.


For Debian 9 stretch, this problem has been fixed in version
8.2+ds-5+deb9u1.

We recommend that you upgrade your highlight.js packages.

For the detailed security status of highlight.js please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/highlight.js

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl/tAStfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeQqw/9GOSvNGUvXWBoRvl9mH4Jg3qzTnegY0CDxWYSJ0xHjANzNxjpaiYdFx2d
Oi79MZ+MongGlsXI+wcoIkwmLxHIh2BG/CairEPuHsIg4dFcrdy3KUBkTiovwy5T
LlzCjcGe4Fwfg5K/vc8YnWfLenYFyr6ekcPRxb40CnxbRnUAth7lVDA8tgTR8ocz
RnfDRVztcduhShGvMjCA9bZBQ//lnNMcCm1YMtT0eqSpV2tCo//OvuRSzLPp/Dsj
gBbolVrJA8vn9Xf1M3iaR9PM24vl+D1R2byiaezfqPebLdxs2xiGiTkwCljnp+5O
8JQAsmX/5wQPv4rIN6KtEDjcEuBrwTqLfZOELszyAeUZmbjF8fMPWxYkZsr1x6K5
5X52H0gv9iwkLsAsAH6fYruDRr8twyPiw15GFMbNnbz+77vSBrFIpJFsq1dkGCyA
cWMLBtwQ5bz9Qtql0jgJN47KC1PcZmjFbkVbSIT5KcehfJFSHESKBZMgbQbHy2bE
L6jCYufL2q14sqPGt1pmf/lS3FD8s1xG3IxbMGQbNhaXQAWmy/SF+BYvYF/mYrPh
3lmD9cVyqgL63DRfI+t+CCaT3NgdWZ8Accv1g6la2u5OrnIDyQNFnnbtzn1jYKCv
NXj9YgzW2UTtSkc6jFPIiZGg0qj8E8jEFfHPTq4gVq6vnMRBwKI=
=Pccp
-----END PGP SIGNATURE-----


Reply to: