[SECURITY] [DLA 4291-1] node-cipher-base security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4291-1] node-cipher-base security update
From: Adrian Bunk <bunk@debian.org>
Date: Wed, 3 Sep 2025 22:36:54 +0300
Message-id: <[🔎] aLiY1qoJgsrAMdj7@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4291-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 03, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-cipher-base
Version        : 1.0.4-4+deb11u1
CVE ID         : CVE-2025-9287
Debian Bug     : 1111772

Incomplete type checks when validating input have been fixed in 
node-cipher-base, an abstract Node.js base class for crypto-streams.

For Debian 11 bullseye, this problem has been fixed in version
1.0.4-4+deb11u1.

We recommend that you upgrade your node-cipher-base packages.

For the detailed security status of node-cipher-base please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-cipher-base

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmi4mNYACgkQiNJCh6LY
mLFR1g/7BZ5cKlcevgUNC24/e28Jzk9cYiIM7BT5RFBPiRehTgTgYuUiqvTQngf1
G+NlzIsHfrN8RCH0K9jj2X8k4y2iy45xvgd0DsfFuIPoWo5Y0JykAVCYL9XfsYS7
R3w3/4joYFJj184fRgdAhwmbpzwSK332SP8+xfpfCSzsggu72+jkq02IJO3ch4Eq
uRJ70hJB/rv9Q1ptPp0gsCUOguxZxz/FQfMjtGKK8ZkP8rqkAcmrfYqf1nt/+khM
uK0utVRrYicpzhZlwo/hxhgpw9YuOSYPiMrurkAd1n4xKnV1I5wl1ezcgjh9b/dM
K7ev/vIm6uI9ThoEfqIap7Z7+28aDCmnewtem3k1n0VCAQjWtcm97SW6XAMK0Db3
aYDSLux/5s2O6OFbJpquZPhwZfqWX4aBBtalFhJr1ZhKXjsK43+mq8+MT5RorivC
1SKs+bLcWhnXUwdFNMAKs9IJ0ngc2f6f4eohuJM8V61Arr/bcGoe6Rj2Ojr0diLz
1hvPMXw+7/sogulKkk7xHPCZ0T7C/+dQpHwE1m8yfM1rTzmNR6w8P8HZqNqNaVMY
OuWkLyIwQ94llalVrELwWJXZoEOvdEVfdj6TmVspLu0kUugKWLV1xsjGj/4DSMzs
yTRKxiDKIshZjUqn/olLAV009ygOXVh1xSWPHpvsMFAe/ZRwVcc=
=wnyw
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4290-1] python-h2 security update
Next by Date: [SECURITY] [DLA 4292-1] clamav security update
Previous by thread: [SECURITY] [DLA 4290-1] python-h2 security update
Next by thread: [SECURITY] [DLA 4292-1] clamav security update
Index(es):
- Date
- Thread