[SECURITY] [DLA 3386-1] grunt security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3386-1] grunt security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 06 Apr 2023 14:00:18 +0100
Message-id: <[🔎] 168077428707.283984.16863645007526899376@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3386-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
April 06, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : grunt
Version        : 1.0.1-8+deb10u3
CVE ID         : CVE-2022-0436
Debian Bug     : 1009676

It was discovered that there was a potential path-traversal
vulnerability in GruntJS, a multipurpose task runner and build
system tool. This could have been exploited via malicious symlinks.

For Debian 10 buster, this problem has been fixed in version
1.0.1-8+deb10u3.

We recommend that you upgrade your grunt packages.

For the detailed security status of grunt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/grunt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmQulIwACgkQHpU+J9Qx
HlgPpg//WEkim/eBKBrxVmT6IjsSuDWhtdbc8WSf5CjuBhx0UOXG9p0QPjNov/Xo
HoG0KrUK4+UKvVHyKvMlOPLT1E1nAuS8ySxMbi1Ic7GWpcTdosed+0tfKkPnMQpO
vnOHJqtJNPbgNrazF1Qz36Jt2QzXJtYrMAqtn7ECXFLSnpjQ/403bJGlNFLI3Xca
M16Hf1ld3zuIESdzOsQ/DnBnA1KYhEDGBV2XYMns54MzONwx36poKVIzY2YrwOid
u/0cNoG8OB0dEX8yLJkVB3xBS/FxOk99/XoTXqwqP3JbJ2v64B6OY2WN+Y2lNCNo
gY/3WOXl1bKB7Goh9k1bgmhYSGf6dQauhFBAMzuX8x2aED6VsCLYKXshreiZRPXS
NVZX8+wCF6DUYHbABlBQrReun/DVlE/Qgt+MJY69iyjYkIu4c41Q1Aq4PCAWNAs3
BqoRzDVflou2gY/VKIhFX2OggBP/wf0CPu9WVMOUjWbVm2tknsTgrX+1q4p7LYwG
Wl/j5/vCpEPJRDx+6CL8x+JDXPJfSIfh6FXL+m9sRViNup8MBQiLzilQcW/+50z3
g13iJJferkdXxDjzl+oEMp55OX++funxtDJV+iyZh4NWv9edsI+8nQDB2dQ70CBI
M6u8Qgv6EGD8mBaIC2Ip9TW8qgtCJV1KfKMRyi482Yj/dbU1Mzg=
=1w/E
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3385-1] trafficserver security update
Next by Date: [SECURITY] [DLA 3387-1] udisks2 security update
Previous by thread: [SECURITY] [DLA 3385-1] trafficserver security update
Next by thread: [SECURITY] [DLA 3387-1] udisks2 security update
Index(es):
- Date
- Thread