Bug#969348: buster-pu: package node-bl/1.1.2-1+deb10u1
Control: tags -1 + confirmed
On Mon, 2020-08-31 at 21:09 +0200, Xavier Guimard wrote:
> node-bl is vunerable to CVE-2020-8244 (#969309): A buffer over-read
> vulnerability exists which could allow an attacker to supply user
> input (even typed) that if it ends up in consume() argument and can
> become negative, the BufferList state can be corrupted, tricking it
> into exposing uninitialized memory via regular .slice() calls.
>
Please go ahead.
Regards,
Adam
Reply to: