[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5790-1] node-dompurify security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5790-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 13, 2024                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : node-dompurify
CVE ID         : CVE-2024-47875

It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was
susceptible to nesting-based mXSS.

For the stable distribution (bookworm), this problem has been fixed in
version 2.4.1+dfsg+~2.4.0-2.

We recommend that you upgrade your node-dompurify packages.

For the detailed security status of node-dompurify please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-dompurify

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcMCGEACgkQEMKTtsN8
TjZW5g//Uc2ZeYTX4O8kHZ9IHHL7v9n6pxPG9MLYgiMt11YSs5k6qVT20NvqfWWy
N9ZNQkBCtYpKRO3wym5AcfR9UsZxVh3AlT8Q+Y7lHBYxiaQw82ygNQT2nAU32wBS
MHnZvjHEAdH/iZWeR2VROVHjwR7bU9cbzc2/dVt1W7WJTLPY8lAqAAJ5D4/6Nlcb
1JMwupP1XIW26gSYBGx+RXuKitSr1jKBoraDtAGUtpZQMP7JwKXt+WSLe4mStXwQ
mQhMkmNd28sonJVAEl/EjvZq1KuEONlj5doPMtMC9eU7HBtXu6b2JoPVyO6FZnx7
6lMqT+JV9VIqj1MfJofLSv4kT8PfM18KaNHBqtiR370D0q6gxfQxIibvu4WXPmG8
CNw/ew4LRwswQMQPSscEGdo8jz3WKhKnLMB6HRWg0m9LMJXQcmNLPiAS8NIcOSDt
K8sQC8ODIjR1lYzetnu7Y6o69KWdreFVlHgaWqROfBtxmQ0cf4vBQchZd3cCRsFH
tPQ2xsNsbIQoJhst2XzJsNVlgcB78qMiKfc7fsZh7/Uy0oq2jclSA1nWQUoszFbl
TVCn44fLIS97bn2WggiAqUymBBSyAGeZp//6CuoYik62ARHW5tYXvsa1oq9/d/I5
RcBMbNHn2VNyxmzpnkbaFFYS/Sz86ihL17Ao7IOD8ssvaHzGeTw=
=lKMx
-----END PGP SIGNATURE-----


Reply to: