Format: 1.8
Date: Sat, 31 Dec 2022 21:14:05 +0100
Source: node-xmldom
Architecture: source
Version: 0.1.27+ds-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1024736
Changes:
 node-xmldom (0.1.27+ds-1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-39353: xmldom parses XML that is not well-formed because it
     contains multiple top level elements, and adds all root nodes to the
     childNodes collection of the Document, without reporting any error or
     throwing. (Closes: #1024736)
   * CVE-2021-21366: xmldom does not correctly preserve system identifiers,
     FPIs or namespaces when repeatedly parsing and serializing maliciously
     crafted documents.
Checksums-Sha1:
 7ae43011419f17af7c837c2e4da61c74fde7733a 2084 node-xmldom_0.1.27+ds-1+deb10u2.dsc
 e32dd7505ce4e0d70ec72b01e8ba486c719452e3 10268 node-xmldom_0.1.27+ds-1+deb10u2.debian.tar.xz
 e890fd933ea29587290f770580870e7350b47f60 5852 node-xmldom_0.1.27+ds-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 6c7caa9cb553f18877f5881413c9530d8231eeaff8801102586df45713b56507 2084 node-xmldom_0.1.27+ds-1+deb10u2.dsc
 0241692cedcbc10c7064d60182de5d19fb8d1cfdacdda08db4d9aeaffa0fa6d2 10268 node-xmldom_0.1.27+ds-1+deb10u2.debian.tar.xz
 56270c2faa674b24a99ec9e6383f307d5aef15e334269536af8b83752195f411 5852 node-xmldom_0.1.27+ds-1+deb10u2_amd64.buildinfo
Files:
 c0065a718c48285df53a8dddb6d7fd3f 2084 javascript optional node-xmldom_0.1.27+ds-1+deb10u2.dsc
 a534934731076d8ab464155c65660310 10268 javascript optional node-xmldom_0.1.27+ds-1+deb10u2.debian.tar.xz
 ae8a6efb00acc28f4afebb882fb077c1 5852 javascript optional node-xmldom_0.1.27+ds-1+deb10u2_amd64.buildinfo