Hi,

During the month of December 2022 and on behalf of Freexian, I worked on the following:

* DLA-3221-1, node-cached-path-relative (prototype pollution)
  https://lists.debian.org/msgid-search/Y40yr8Jdg8VMGDal@debian.org

* DLA-3222-1, node-fetch (information leak)
  https://lists.debian.org/msgid-search/Y4051d6Z8uBq8hnY@debian.org

* DLA-3235-1, node-eventsource (information leak)
  https://lists.debian.org/msgid-search/Y5XkDBPCBI9nqdOt@debian.org

* DLA 3237-1, node-tar (cache poisoning)
  https://lists.debian.org/msgid-search/Y5c3modyc8IKjddI@debian.org

* DLA 3252-1, cacti (RCE, information disclosure, authentication bypass)
  https://lists.debian.org/msgid-search/Y7AAbrsu1xbdSfHF@debian.org

* DLA 3258-1, node-loader-utils (prototype pollution)
  https://lists.debian.org/msgid-search/Y7BiOJVHrQkW/ohp@debian.org

* DLA 3260-1, node-xmldom (incomplete validation)
  https://lists.debian.org/msgid-search/Y7G8QM4FN8hHgh5B@debian.org
  [That one was uploaded and the DLA published on Jan 1, but all the work was done the day before so I'm adding it here.]

Thanks to the sponsors for financing this, and to Freexian for coordinating!

-- 
Guilhem.