-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3154-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 18, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-xmldom Version : 0.1.27+ds-1+deb10u1 CVE ID : CVE-2022-37616 Debian Bug : 1021618 It was found that the Node XML DOM library was vulnerable to prototype pollution. For Debian 10 buster, this problem has been fixed in version 0.1.27+ds-1+deb10u1. We recommend that you upgrade your node-xmldom packages. For the detailed security status of node-xmldom please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-xmldom Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmNOwNgACgkQnUbEiOQ2 gwLoEw//Q8vorv27NY829orVd9keIIzEXMUqU2z2DbFB8hjW2Na3/5DuupnDPlCL 893Ra8DKGz3x7MBtxlKgsenXFeKwLBWli9DXpAIUOIs+syxlp9sj0jQMMV3Ym+Gu 7hLeaUTWXK5LRPKok4nc3mg5QYI9/ReaWxxTNrNtzEgR41Nmg4Y0igHmjQ0Ps4Vc tXpEWmXowKskfR2F5Vw9NM5icBh1VkDqhjQLNxfz3jACv6HMFkvrd9QnNQUxftMo yQf+1qvDkG2figNXFlWya1yPTVvg8AdPTTNbze5L86BCpjapL3wh2zuX7pAc9bvZ kgM5BfrD/kW2njy6y0pDQNs2r4JO8boitaEAa/76ect7V8l0KcYybf/9+SuAfwRS I6EttWOAcMvQ4omsiTmKk7IT1PjmW8oSSHiKrlXJngmQabu6vmfFzgP2khsNMrQt HVXgSKqdGTBfUh5RvUF+5AphCTioJiRc0+XPlJ4pxVp8Cc4uxu+fOrNRjrzzstDv 4jqM2CrYoqFzUUqVKk9y+QhbciSaYAqo+k5Wao3KX0orW1FGqwb8s7t1QSmZ79rP vdG76bcoEvZq0eG8p2MKXK1Wq+G11XTKbcbqPF3Zqw0/V2016fv+PGtDMT7D0CK3 RG6DlBa6sN/BXXk0o9WOPdyWu+XzxuGl9a/vnfygIdmLvjvzEXY= =ojTO -----END PGP SIGNATURE-----