Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted node-cached-path-relative 1.0.1-2+deb10u1 (source) into oldstable
Date: Sun, 04 Dec 2022 17:31:00 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Dec 2022 17:59:38 +0100
Source: node-cached-path-relative
Architecture: source
Version: 1.0.1-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 node-cached-path-relative (1.0.1-2+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2018-16472: A prototype pollution attack allows an attacker to inject
     properties on Object.prototype which are then inherited by all the JS
     objects through the prototype chain causing a DoS attack.
   * CVE-2021-23518: Prototype Pollution vulnerability via the cache variable,
     which allows access to the parent prototype properties when the object is
     used to create the cached relative path.
Checksums-Sha1:
 a957d2838f1a2fd593eb847aff253caa81a87dae 2335 node-cached-path-relative_1.0.1-2+deb10u1.dsc
 d09c4b52800aa4c078e2dd81a869aac90d2e54e7 2069 node-cached-path-relative_1.0.1.orig.tar.gz
 a46768905170bffeea8714ed80ce5a7b6bcafdd7 3884 node-cached-path-relative_1.0.1-2+deb10u1.debian.tar.xz
 47a20d276208e7ebd1139f6642eb0d5b98a4d205 7799 node-cached-path-relative_1.0.1-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
 574668b079c696e75ee18be7ca79f406a965f22f4f37542f8f0566632b8ec178 2335 node-cached-path-relative_1.0.1-2+deb10u1.dsc
 58114d6bc2540408936d21f716a57a2957f56fad2c6f8a72ef710ee8b5b24007 2069 node-cached-path-relative_1.0.1.orig.tar.gz
 b804654bad5fc5a37e20e297d9197ebcd6a6498c4a4210fce2bf78cffea5c5c7 3884 node-cached-path-relative_1.0.1-2+deb10u1.debian.tar.xz
 3cfa41ed478af566f9b30544fbdb9684e04da1517c5bbee36db170c559e61c7e 7799 node-cached-path-relative_1.0.1-2+deb10u1_amd64.buildinfo
Files:
 8cfdef6f23c3965ec6ee3319ade72492 2335 javascript optional node-cached-path-relative_1.0.1-2+deb10u1.dsc
 ee8e74ad4d18c8982563b00608db3f7e 2069 javascript optional node-cached-path-relative_1.0.1.orig.tar.gz
 fc7afffdcae1f9e58f3ca0247b7a94c1 3884 javascript optional node-cached-path-relative_1.0.1-2+deb10u1.debian.tar.xz
 99338b6e1b891c7278a82bcced14381c 7799 javascript optional node-cached-path-relative_1.0.1-2+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmOM1CwACgkQ05pJnDwh
pVKl8hAAw8vQthDjjvP+3uTJ0Wrbyda2sSSdGXNAoYtAJ0r0lGw94DsaPnqOqdh/
kBtIhjPZcEwmnL4GBf7dQRwXiO53LAuXaU1NeLEBEyNIhgxWNiriJb9PyfPTjye9
uSy/Q0VYqY3KJlmEtQs+nBquclHJndwnUdxux7YxDt3w71RivNbMk0V87x0vCn54
KCxp8PS0BEUZutjQx2wuUyxnVwZxxdkhxy8/yPrO8ZAdxvI71gGCyp2B/wKBVTSM
pnolrL1fWyI376ZMogeoJ5fAlMsiLVSv5TPgG1NvpOJHIhF/3HJBMEqRs256n3VC
xl2MfhNdhHBWW8auj7Ez+q/uOTMcAWLiaTgqbSR8z6BW0lv6CMuYYOh6fNRHUEwK
nr3xwtxQRVW/0EoDu4Wlz9Npcxr3+PiCpsLtJrhURXEsjRW556gCMXGtW8scHZ/B
w7J7y58XyhgQ74vNbaQe8YKxAnHi7unFp9sFCJW2v0z1EPXXjxiJggeJP8HEeGgA
SXY+7yHWA/czFXsGRSnYZhJcohH2nemgYUhmP1Udi9mqypTDPmT5I+FeemxwVFYQ
KBUzrkuWtw7pZoydfzJ2Y3rzwMd04b236dm2yH9L5kWjL1CN1YMfB1u2mJqSuvIp
CEqSeEHISfE943OkUcpx0rGeFK8RPm/N8Mz3dHgVNPEPsm1fOf4=
=+Owb
-----END PGP SIGNATURE-----

News for package node-cached-path-relative