-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3665-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès November 25, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-json5 Version : 0.5.1-1+deb10u1 CVE ID : CVE-2022-46175 Debian Bug : 1027145 node-json5 a pure javascript implementation of JSON5 standard, was vulnerable to prototype injection during parsing. For Debian 10 buster, this problem has been fixed in version 0.5.1-1+deb10u1. We recommend that you upgrade your node-json5 packages. For the detailed security status of node-json5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-json5 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVidiYACgkQADoaLapB CF+yHA/7BZ7SdhEC1KeODX0iqMLV1SdPAP2XBqiwctQYrWaywkrFW5wCb2Z1Jp7p taX1G3AfdcPYUBKqzY+N56n0YE9g2dU/V7bQIwwkQ6/JDSMVpYNcJGyOtkB755tX hdi0CRe/9o2YqiVA5D6aB+74S0JqxK5tnWSKmYpgvgiP/N3gKLAtxRVBHcTMGB9z JfUiMno+wz4dYchYygR2ODzQD6xkS5jOt78x2m52Ie1bQJzMEwAd2R912/YCy5tg adKAQEmrNbWSiI8iSwPmwuYOL8F5dSBiGejbPsgnBaoDoWtHlt6UUm6R3Dia/5vw LxcLmHPCszVaXJB7L83de8MlZqqzyNOJcANCxdNfcfRm4MG9hAg143CEKtsRAMIK gwd1guE13Teno1FB6qxsMdHB15vRuQ0gWqd01/5gYly0DhCUMxQFUDKoiePY8fvO 6r5Ed6oHItNLEnAtdaeofedd7516XRyBFXMagkDkxNcD2t8Of3oQv22SQRH8kIqQ EYqB8QOv4blZRlWgmOTJ9b9QizwDGRKM1lJgD2mKrvpTIUYwC8iy3NF2/Ux4wIN8 e+Lkc/pjG/QKo9DgVCIyH53iZ7snkLX5P2/a+rpq1UV9OECK1Z674+/sVFaHPB5q aUZrjQeSHXwufWdBgMj85x+a2NavY2WlGwRa8/zZuSh6kLvjcrY= =KlQ5 -----END PGP SIGNATURE-----