-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3561-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb September 11, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-cookiejar Version : 2.0.1-1+deb10u1 CVE ID : CVE-2022-25901 It was discovered that there was a potential Regular Expression Denial of Service (ReDoS) attack in node-cookiejar, a Node.js library for parsing and manipulating HTTP cookies. An attack was possible via passing a large value to the Cookie.parse function. For Debian 10 buster, this problem has been fixed in version 2.0.1-1+deb10u1. We recommend that you upgrade your node-cookiejar packages. For the detailed security status of node-cookiejar please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-cookiejar Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmT/bpgACgkQHpU+J9Qx HljIOQ/9F6beLpCvWe3n5uNAGGAbRMdVzZi/ypd7ag0BfTRX77QHGI2sLxPrhW/6 QX//1+nBvZD9DT0po3acJ5Q4OQ0cEwqpqU3NiUbyaaaB3JwcnZFBxTScBIFtJH46 2G0k5UvBxeCAf201QTpdYi31O+jvA6Ot7nKNChSKSJAGhdTNyoF/u0cGvElgGXog wk58kbzVqKFuYoRC57P7h4rvXmRAjmIbj0UFMNImwCv24e9aTVx4DOm95pofAOCH mhvQLlojXiHjRfuvBY4bDod3DGuFu8fi3eQZLmnBhrutyvBktua4869nVPGAghKF +ZtDCZ4caWdYg+8JyuaeqByOXLbqZBGCoUos903t9VznyYV5Qn22jP0FXnQPUqS6 rQSdpYvoTQtoz8BYPLHwqEXIkDO/judpPFy3uKjpboJOCfpLLxhgC6d7wGj/PXGM apT9fUSmMjrKkfHrhHR76ZlN6OwCnWtBXXHq5+DfVYC895+53QYv0iDp/b9Y3tRx rH7pzOOWvpEA2qE8p3HsZK2qCoHGNn0mcGBKww17voiVO0kjm3vn9wVSZo4GR3qz Pv1jrNKEmLYvxyZrPIzVRwBhpTyQP/BLZvYfaTtpomywvdGZk7vhvW2E7CgjEo/n zA47CoH6eavxoyUIspUvZrOgTeodkpzKYeB6v0wCn9dvooq4kPY= =K4nM -----END PGP SIGNATURE-----