[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3154-1] node-xmldom security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3154-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 18, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-xmldom
Version        : 0.1.27+ds-1+deb10u1
CVE ID         : CVE-2022-37616
Debian Bug     : 1021618

It was found that the Node XML DOM library was vulnerable to prototype
pollution.

For Debian 10 buster, this problem has been fixed in version
0.1.27+ds-1+deb10u1.

We recommend that you upgrade your node-xmldom packages.

For the detailed security status of node-xmldom please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-xmldom

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmNOwNgACgkQnUbEiOQ2
gwLoEw//Q8vorv27NY829orVd9keIIzEXMUqU2z2DbFB8hjW2Na3/5DuupnDPlCL
893Ra8DKGz3x7MBtxlKgsenXFeKwLBWli9DXpAIUOIs+syxlp9sj0jQMMV3Ym+Gu
7hLeaUTWXK5LRPKok4nc3mg5QYI9/ReaWxxTNrNtzEgR41Nmg4Y0igHmjQ0Ps4Vc
tXpEWmXowKskfR2F5Vw9NM5icBh1VkDqhjQLNxfz3jACv6HMFkvrd9QnNQUxftMo
yQf+1qvDkG2figNXFlWya1yPTVvg8AdPTTNbze5L86BCpjapL3wh2zuX7pAc9bvZ
kgM5BfrD/kW2njy6y0pDQNs2r4JO8boitaEAa/76ect7V8l0KcYybf/9+SuAfwRS
I6EttWOAcMvQ4omsiTmKk7IT1PjmW8oSSHiKrlXJngmQabu6vmfFzgP2khsNMrQt
HVXgSKqdGTBfUh5RvUF+5AphCTioJiRc0+XPlJ4pxVp8Cc4uxu+fOrNRjrzzstDv
4jqM2CrYoqFzUUqVKk9y+QhbciSaYAqo+k5Wao3KX0orW1FGqwb8s7t1QSmZ79rP
vdG76bcoEvZq0eG8p2MKXK1Wq+G11XTKbcbqPF3Zqw0/V2016fv+PGtDMT7D0CK3
RG6DlBa6sN/BXXk0o9WOPdyWu+XzxuGl9a/vnfygIdmLvjvzEXY=
=ojTO
-----END PGP SIGNATURE-----


Reply to: