[SECURITY] [DLA 2511-1] highlight.js security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2511-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
December 30, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : highlight.js
Version : 8.2+ds-5+deb9u1
CVE ID : CVE-2020-26237
An issue has been found in highlight.js, a JavaScript library for syntax
highlighting. If a website or application renders user provided data it
might be affected by a Prototype Pollution. This might result in strange
behavior or crashes of applications that do not correctly handle unknown
properties.
For Debian 9 stretch, this problem has been fixed in version
8.2+ds-5+deb9u1.
We recommend that you upgrade your highlight.js packages.
For the detailed security status of highlight.js please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/highlight.js
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl/tAStfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeQqw/9GOSvNGUvXWBoRvl9mH4Jg3qzTnegY0CDxWYSJ0xHjANzNxjpaiYdFx2d
Oi79MZ+MongGlsXI+wcoIkwmLxHIh2BG/CairEPuHsIg4dFcrdy3KUBkTiovwy5T
LlzCjcGe4Fwfg5K/vc8YnWfLenYFyr6ekcPRxb40CnxbRnUAth7lVDA8tgTR8ocz
RnfDRVztcduhShGvMjCA9bZBQ//lnNMcCm1YMtT0eqSpV2tCo//OvuRSzLPp/Dsj
gBbolVrJA8vn9Xf1M3iaR9PM24vl+D1R2byiaezfqPebLdxs2xiGiTkwCljnp+5O
8JQAsmX/5wQPv4rIN6KtEDjcEuBrwTqLfZOELszyAeUZmbjF8fMPWxYkZsr1x6K5
5X52H0gv9iwkLsAsAH6fYruDRr8twyPiw15GFMbNnbz+77vSBrFIpJFsq1dkGCyA
cWMLBtwQ5bz9Qtql0jgJN47KC1PcZmjFbkVbSIT5KcehfJFSHESKBZMgbQbHy2bE
L6jCYufL2q14sqPGt1pmf/lS3FD8s1xG3IxbMGQbNhaXQAWmy/SF+BYvYF/mYrPh
3lmD9cVyqgL63DRfI+t+CCaT3NgdWZ8Accv1g6la2u5OrnIDyQNFnnbtzn1jYKCv
NXj9YgzW2UTtSkc6jFPIiZGg0qj8E8jEFfHPTq4gVq6vnMRBwKI=
=Pccp
-----END PGP SIGNATURE-----
Reply to: