Source: node-pbkdf2 Version: 3.1.2-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for node-pbkdf2. CVE-2025-6545[0]: | Improper Input Validation vulnerability in pbkdf2 allows Signature | Spoofing by Improper Validation. This vulnerability is associated | with program files lib/to-buffer.Js. This issue affects pbkdf2: | from 3.0.10 through 3.1.2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-6545 https://www.cve.org/CVERecord?id=CVE-2025-6545 [1] https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6 [2] https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
