[SECURITY] [DLA 2698-1] node-bl security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2698-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
July 01, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : node-bl
Version : 1.1.2-1+deb9u1
CVE ID : CVE-2020-8244
An issue has been found in node-bl, a Node.js module to access multiple
buffers with Buffer interface.
Due to a buffer over-read, uninitialized memory might be exposed by
providing crafted user input.
For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.
We recommend that you upgrade your node-bl packages.
For the detailed security status of node-bl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-bl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmDc7AtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdmYhAAhQZZkIwKMkP2oTG2252fkVezwD/qzHUe6Z81uo7FDng76InPTTlXPS8C
GMzQA8JqCcq0WPcR2XWwZJHLzcO71yNVd/EqyjE2+ONLV7vMAVsE25UqWjZ9ZC4o
J4JEWgUfrqH2isVw+KYuwWBemLqMJ4czAIrTWQCF6MKNAobhQQvvh5C+gE04Drn0
34NTq9S6yIqmeZsrDexktUbvlppScCZZIHMBjkZJm72kOp6wdfbUAtGGfRxP0Uyc
LSK0ILtjZId7Tl8ZdzI8dZm6I5HmDr0M+Tfvkb74o2vTbAh/JBbK5VOuQTD2qpyM
zOAsM9QMaPVmGs/D1YBm8GXuNomQa5/K7ZFL3bBC7d6s+5YXhKAfr6KCi9RvMDa6
VvsRlqIeqXTDX3knp+NoZH5QVgne/ece0kvkJSh7k/QHl7Wur4Pnc2wDEu2dZDKm
qX2QPI1PUxPMTO3Bya1DB9kBd8Qi4gRuZLyYJJOvDWZhb7CBtTWJ5Z/Msq6UFbPy
Mj5QGKxss6QeRgCkwwrmypzJes8GuHGbUVD/0IYmpOkWxSj8xF/cnAGX2OCIkOmp
fV7K16abK+yoatkYJ2qEe6BRWoYTiDJtEubwgN9x2h41qb8nL1Xwxwo8I8PKe2LV
ym37IZxg/4BOWx5kjDGGSc9R5WpKNpq7upBbddi9KvCTljt+9qU=
=IpgJ
-----END PGP SIGNATURE-----
Reply to: