[SECURITY] [DLA 4013-1] node-mocha security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4013-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                  Bastien Roucariès
January 11, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : node-mocha
Version : 8.2.1+ds1+~cs29.4.27-3+deb11u1
CVE ID : CVE-2021-23566 CVE-2024-55565
Debian Bug :
mocha, a JavaScript test framework, was affected by two
vulnerabilities in the nanoid component.
CVE-2021-23566
    The nanoid package is vulnerable to Information Exposure via the
    valueOf() function, which allows the last id generated to be
    reproduced.
CVE-2024-55565
    The nanoid package mishandles non-integer values of the size
    parameter.
For Debian 11 bullseye, these problems have been fixed in version
8.2.1+ds1+~cs29.4.27-3+deb11u1.
We recommend that you upgrade your node-mocha packages.
For the detailed security status of node-mocha please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-mocha
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----