Hi,

During the month of December 2022 and on behalf of Freexian, I worked on the following:

* DLA-3221-1, node-cached-path-relative (prototype pollution)
  https://lists.debian.org/msgid-search/[email protected]
* DLA-3222-1, node-fetch (information leak)
  https://lists.debian.org/msgid-search/[email protected]
* DLA-3235-1, node-eventsource (information leak)
  https://lists.debian.org/msgid-search/[email protected]
* DLA 3237-1, node-tar (cache poisoning)
  https://lists.debian.org/msgid-search/[email protected]
* DLA 3252-1, cacti (RCE, information disclosure, authentication bypass)
  https://lists.debian.org/msgid-search/[email protected]
* DLA 3258-1, node-loader-utils (prototype pollution)
  https://lists.debian.org/msgid-search/Y7BiOJVHrQkW/[email protected]
* DLA 3260-1, node-xmldom (incomplete validation)
  https://lists.debian.org/msgid-search/[email protected]
  [That one was uploaded and the DLA published on Jan 1, but all the work was done the day before so I'm adding it here.]

Thanks to the sponsors for financing this, and to Freexian for coordinating!

-- 
Guilhem.
