-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3760-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 14, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-xml2js Version : 0.2.8-1.1+deb11u1~deb10u1 CVE ID : CVE-2023-0842 Debian Bug : 1034148 Prototype pollution has been fixed in node-xml2js, an XML to JavaScript object converter. For Debian 10 buster, this problem has been fixed in version 0.2.8-1.1+deb11u1~deb10u1. We recommend that you upgrade your node-xml2js packages. For the detailed security status of node-xml2js please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-xml2js Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXzWLYACgkQiNJCh6LY mLGCXQ/+OGOGr54c9cTgUSbvQ7owfIcFUG5xpvIAWa2NdKXMyOiANMBNOu9Ugod6 gZdyDhXGw8hlhF5EnSIXVUEo8a9SoJcL47eCXW+rgV7q8+TkOBUDn2UI+fw55Zca oADxq3lfsG01PrRVRpr+DoGpNV0wzt+uZP3Z3c+AHKaKmdiavVzUc07ebFq99NUg 9teJwhNODx/NIeZBBkWetR0XRaLWmzOtKLB4X/nt4k6lvBmbH9ZqftoNxAwbFn3a 6LsBHhS3OGiIJqdaSuUAFO+hMeU1Bka0ia1QBM8j5tqSAPn7t0Q3Rz7OQP1dOq3V dnJHLI3TEhr2j48ZJMLRgpA87bEK50rSjhxumqyqCqtNLuKq/PHXQ8mYcPFrYO9a JhOF7vHiA+4QsDOICHebGsvNxRLiWFjObqcW34UnyyeC5m3lNPKEeNE3gZRXPpqD zZ01UzMkmP/BoI1TnxqMdCd4gCwYEY1jJAo6EaNkdxe2DHDBvvh9/mvIPIxVr2Kc FPZtNEVUB7QV5TsZdnJPBn4RmqQ/xyydcfXiREcCA5r01UFXhqqv3zhdGBwly5uy jGD+YGmXt6LZvkQhDo8VWfESvR7KX4iq1ACNtNj7EkCBqC/TP4ewgZ/QmvY8wvHI /uETBCZODFZ+nUsjjZ4srU7dlAlReoGoh6tNeiGU1qmgYCMoxjk= =aSei -----END PGP SIGNATURE-----