[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1009345: bullseye-pu: package node-moment/2.29.1+ds-2+deb11u1



Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
node-moment is vulnerable to path traversal (#1009327, CVE-2022-24785)

[ Impact ]
Medium vulnerability

[ Tests ]
No changes in test

[ Risks ]
Low risk, patch is trivial

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Just a new check to prevent names that look like filesystem paths

Cheers,
Yadd


Reply to: