-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3618-1 [email protected] https://www.debian.org/lts/security/ Yadd October 14, 2023 https://wiki.debian.org/LTS - - - -------------------------------------------------------------------------
Package : node-babel Version : 6.26.0+dfsg-3+deb10u1 CVE ID : CVE-2023-45133 Debian Bug : https://bugs.debian.org/1053880 In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or path.evaluateTruthy() internal Babel methods. For Debian 10 buster, this problem has been fixed in version 6.26.0+dfsg-3+deb10u1. We recommend that you upgrade your node-babel packages. For the detailed security status of node-babel please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-babel Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmUw1WMSHHguZ3VpbWFy ZEBmcmVlLmZyAAoJEPbXTKfJme7pfl4P/jy4mVcF35YWkX45acstQkXvCq6d099h B3KlhUmqK6hDAHJqCZCYtr1Gjw82tk+YJbaZACEVnowWo2pP7CyGRH2AAiAapTA7 U6Qexm14EbYOcPZzOQKrYO6Fqqf8WG84U5NjWbUgjP/xvCg9zFZdCutOkAclvYzN V0yyUZ0kSKQ3KFv9UZJOVsL2laVn9rBvJotBnS1muStbRqPcM1R2Du1fBxQRtTPN JGbilCXbnLNijy4fXa3VwnQ6J8enK6T7FvMP3lroIKSRaPPFTTCaAihh98D9D5r1 32hC+PxAzJltQzFSwm5LpT0E2qtaQ1uBxJAV7VORSqoF1+tnlG1NJv1Jnl7svJwF FBBG10pn2uDB0XSJwEdIw13RugGsgda2t5lZ3U6TYmD4J7qeDXvLwFRMwakfcEX9 LJMLq2guAulaC1AGp3NjrO3ZgpR0TnysAHtODaiap4IqYJUDrBEBZttuj5+EJSuj XIkK9klGfWY4X34m0dg3UI7ez0ik5usfjbGj+8m8ban5dE5otVJ4XNU5cNEbsG3v 0aIOIV1OS5ZNypdbaUNWxKWKR/uhHR+ib7PWohzKzGDYq7zyQYGKGhps78gebPgj 6Tjt9rk4P1R+/4evVEelZURJPbObD7ml5NBeyIcmjTYPvq/GxNTe6Ot5uKcER6C1 YuiloYEXnh5/ =+EU+ -----END PGP SIGNATURE-----
