-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3247-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb December 23, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-trim-newlines Version : 1.0.0-1+deb10u1 CVE ID : CVE-2021-33623 It was discovered that there was a potential remote denial of service vulnerability in node-trim-newlines, a Javascript module to strip newlines from the start and/or end of a string. This regular expression Denial of Service (ReDoS) attack exploited the fact that most Regular Expression implementations can reach extreme situations that cause them to work very slowly in a way that is exponentially related to the input size. An attacker can then cause a program using node-trim-newlines (and thus the offending regex) to enter one of these extreme situations and then hang for a very long time. For Debian 10 buster, this problem has been fixed in version 1.0.0-1+deb10u1. We recommend that you upgrade your node-trim-newlines packages. For the detailed security status of node-trim-newlines please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-trim-newlines Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmOlbdsACgkQHpU+J9Qx HliwlA/+Pys1jm5/6MVSg0utSNN/WeJU2FgyAjKarfectokRWBXLE99FEIVuGSZW gSOmbcBptbzaYvZSBnjnYm6vy1yMSILo6+tEdbJKnK7Xb/oHg7GoiHvCn0IiUXoI WyxXjBWqqkw7geL1D4HZpwQzgWwyAayia7cLmANY3TwsxQG6WYmE2KP90uUIYtDm JPP8ybPPeV9UyLGw/GZOsbzn3YJXT5tXrwZvJAYH0xWMZzzGJyfdse8kFJnuBJsl VWblHfPcm9nrp3or96mzPseNyGqOEBV36VK3uLt9baXWIro0nLwZ98/VN5+LcCeV zKZV9fgfZ9LC+A+wCy9YnfMm8/DQapLH8I+WSxhi43/UfxyBK20LB95sWe4+W3zk bxO3Yku5Diw+WfozMU9iFEiT8vYcOSW6CzGDbeDJxW6RdNN6WVg9R+7WDWiFhobo T+k9HvVpwfEFmEZF1WYuG0RBpsJukTX+CTgFuCf8/khv7c+UAClqVJrzDnS0l6pe AGwjsipim9b9yk5b7BqPrVPd1xm5IkWPZRai2Zko0ObTr3AUcNf57k8EZnmSF0yF jIkVmO4vgKSp6wMtAKif9yiwIagUIKSdUag4S5MUQp8dEd0Y/ScecsXA9UbbvsYT K5PgNlifiqqU5i/2pUxY9yr9CU1J1yr7qeh6tuWPczNOP+IzCVQ= =4j6A -----END PGP SIGNATURE-----