[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2698-1] node-bl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2698-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 01, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-bl
Version        : 1.1.2-1+deb9u1
CVE ID         : CVE-2020-8244


An issue has been found in node-bl, a Node.js module to access multiple buffers with Buffer interface. Due to a buffer over-read, uninitialized memory might be exposed by providing crafted user input.


For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.

We recommend that you upgrade your node-bl packages.

For the detailed security status of node-bl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-bl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmDc7AtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdmYhAAhQZZkIwKMkP2oTG2252fkVezwD/qzHUe6Z81uo7FDng76InPTTlXPS8C
GMzQA8JqCcq0WPcR2XWwZJHLzcO71yNVd/EqyjE2+ONLV7vMAVsE25UqWjZ9ZC4o
J4JEWgUfrqH2isVw+KYuwWBemLqMJ4czAIrTWQCF6MKNAobhQQvvh5C+gE04Drn0
34NTq9S6yIqmeZsrDexktUbvlppScCZZIHMBjkZJm72kOp6wdfbUAtGGfRxP0Uyc
LSK0ILtjZId7Tl8ZdzI8dZm6I5HmDr0M+Tfvkb74o2vTbAh/JBbK5VOuQTD2qpyM
zOAsM9QMaPVmGs/D1YBm8GXuNomQa5/K7ZFL3bBC7d6s+5YXhKAfr6KCi9RvMDa6
VvsRlqIeqXTDX3knp+NoZH5QVgne/ece0kvkJSh7k/QHl7Wur4Pnc2wDEu2dZDKm
qX2QPI1PUxPMTO3Bya1DB9kBd8Qi4gRuZLyYJJOvDWZhb7CBtTWJ5Z/Msq6UFbPy
Mj5QGKxss6QeRgCkwwrmypzJes8GuHGbUVD/0IYmpOkWxSj8xF/cnAGX2OCIkOmp
fV7K16abK+yoatkYJ2qEe6BRWoYTiDJtEubwgN9x2h41qb8nL1Xwxwo8I8PKe2LV
ym37IZxg/4BOWx5kjDGGSc9R5WpKNpq7upBbddi9KvCTljt+9qU=
=IpgJ
-----END PGP SIGNATURE-----


Reply to: