[SECURITY] [DSA 5790-1] node-dompurify security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5790-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 13, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : node-dompurify
CVE ID : CVE-2024-47875
It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was
susceptible to nesting-based mXSS.
For the stable distribution (bookworm), this problem has been fixed in
version 2.4.1+dfsg+~2.4.0-2.
We recommend that you upgrade your node-dompurify packages.
For the detailed security status of node-dompurify please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-dompurify
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcMCGEACgkQEMKTtsN8
TjZW5g//Uc2ZeYTX4O8kHZ9IHHL7v9n6pxPG9MLYgiMt11YSs5k6qVT20NvqfWWy
N9ZNQkBCtYpKRO3wym5AcfR9UsZxVh3AlT8Q+Y7lHBYxiaQw82ygNQT2nAU32wBS
MHnZvjHEAdH/iZWeR2VROVHjwR7bU9cbzc2/dVt1W7WJTLPY8lAqAAJ5D4/6Nlcb
1JMwupP1XIW26gSYBGx+RXuKitSr1jKBoraDtAGUtpZQMP7JwKXt+WSLe4mStXwQ
mQhMkmNd28sonJVAEl/EjvZq1KuEONlj5doPMtMC9eU7HBtXu6b2JoPVyO6FZnx7
6lMqT+JV9VIqj1MfJofLSv4kT8PfM18KaNHBqtiR370D0q6gxfQxIibvu4WXPmG8
CNw/ew4LRwswQMQPSscEGdo8jz3WKhKnLMB6HRWg0m9LMJXQcmNLPiAS8NIcOSDt
K8sQC8ODIjR1lYzetnu7Y6o69KWdreFVlHgaWqROfBtxmQ0cf4vBQchZd3cCRsFH
tPQ2xsNsbIQoJhst2XzJsNVlgcB78qMiKfc7fsZh7/Uy0oq2jclSA1nWQUoszFbl
TVCn44fLIS97bn2WggiAqUymBBSyAGeZp//6CuoYik62ARHW5tYXvsa1oq9/d/I5
RcBMbNHn2VNyxmzpnkbaFFYS/Sz86ihL17Ao7IOD8ssvaHzGeTw=
=lKMx
-----END PGP SIGNATURE-----
Reply to: