
LTS report for December 2022



Hi,

During the month of December 2022 and on behalf of Freexian, I worked on
the following:

 * DLA-3221-1, node-cached-path-relative (prototype pollution)
   https://lists.debian.org/msgid-search/Y40yr8Jdg8VMGDal@debian.org

 * DLA-3222-1, node-fetch (information leak)
   https://lists.debian.org/msgid-search/Y4051d6Z8uBq8hnY@debian.org

 * DLA-3235-1, node-eventsource (information leak)
   https://lists.debian.org/msgid-search/Y5XkDBPCBI9nqdOt@debian.org

 * DLA 3237-1, node-tar (cache poisoning)
   https://lists.debian.org/msgid-search/Y5c3modyc8IKjddI@debian.org

 * DLA 3252-1, cacti (RCE, information disclosure, authentication bypass)
   https://lists.debian.org/msgid-search/Y7AAbrsu1xbdSfHF@debian.org

 * DLA 3258-1, node-loader-utils (prototype pollution)
   https://lists.debian.org/msgid-search/Y7BiOJVHrQkW/ohp@debian.org

 * DLA 3260-1, node-xmldom (incomplete validation)
   https://lists.debian.org/msgid-search/Y7G8QM4FN8hHgh5B@debian.org
   [That one was uploaded and the DLA published on Jan 1, but all the
   work was done the day before so I'm adding it here.]

Thanks to the sponsors for financing this, and to Freexian for
coordinating!
-- 
Guilhem.
