-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 29 Jan 2023 15:19:31 +0100 Source: node-object-path Architecture: source Version: 0.11.4-2+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Changes: node-object-path (0.11.4-2+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2021-3805: Prototype pollution vulnerability in the `del()`, `empty()`, `push()` and `insert()` functions when using the "inherited props" mode. * CVE-2021-23434: A type confusion vulnerability can lead to a bypass of the CVE-2020-15256 fix when the path components used in the path parameter are arrays. Checksums-Sha1: edaa857291d1f6e99b08c752ab779e46bbcfa4f6 2143 node-object-path_0.11.4-2+deb10u2.dsc 370ae752fbf37de3ea70a861c23bba8915691949 9556 node-object-path_0.11.4.orig.tar.gz c9636c6030ada318e53b8fe8cdfee4353dcd1cf5 7452 node-object-path_0.11.4-2+deb10u2.debian.tar.xz a3ee9af56deba9d1aaaedc8a94e88217e0aad5d5 7404 node-object-path_0.11.4-2+deb10u2_amd64.buildinfo Checksums-Sha256: 0eec2dc906fb922abf8ed303c0009b4a8f34f67c38db411816d6643a54abe0b2 2143 node-object-path_0.11.4-2+deb10u2.dsc 8d90429ada9dd03784da3cff9ec8483cbd8519879d570e0d5f5307dfc552ab20 9556 node-object-path_0.11.4.orig.tar.gz 6d82e771c14fe795d2285993bff7d1a8be92cebb4a7b5d1016a8736d70f224ac 7452 node-object-path_0.11.4-2+deb10u2.debian.tar.xz 9ae60e6789a33dc801f7d143ef95a3b658349e7cc36389cd8e86b5c279015233 7404 node-object-path_0.11.4-2+deb10u2_amd64.buildinfo Files: 1ed6390099b3b7c2762a8c7d79109231 2143 javascript optional node-object-path_0.11.4-2+deb10u2.dsc 659445c79c88ab0cdaaccf90d0c8ecc9 9556 javascript optional node-object-path_0.11.4.orig.tar.gz a7d292936df9023b06c8a776ba4f6d6e 7452 javascript optional node-object-path_0.11.4-2+deb10u2.debian.tar.xz 15aa26c300fafa72ae460e4e60bd5359 7404 javascript optional node-object-path_0.11.4-2+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmPWgKYACgkQ05pJnDwh pVLFKhAAyyy07JTrkzMnrPHGr7YCbG4JSK4yGTGcbcf+bjGmE1Kf4BBy9nkrAFSJ Hs7WZJS8PEAGH63/WxbKdHqyb21Psu2Ld/1fVFpvbKnpJ5JxYmS4mqKcd+X8+ZD2 5oGSclDQeoMdZ1wcGsZpHENas0XtdwZ4r/hfbvt0EpvyWGsTGTLofYF0q/XZbHKU x7v4nS/ned5t799JDJpaHmQKCB0bquPErRAYAslFoB1WJTfRJup8lzuh1FVTxuBu znjGnhRuSmkoAOD3hWMDWy6FHZegPntjemHdtP69vmcrJSx8lTfhD4Ola/QIki7s 5iWeuLpkp8n11Jk/kD5AfSTEhMYELNgL2MI5LhFBIFzJJFgCcvpqXD8NGQRgx2Uc kkEPOY08aKOHVJu6xT9T59n/plEb9nt+ZnkUeRWrnaw/kt1FkQsh6Es7BxZzqaP4 7+kqYyP7SPqZlKfsWxL8+AKFDVYevhPcj3YiUH9ATBXW/oPMZAS2UL/QuR3TwI3D o7R19/4wJwC+nXfOmKhtPW01wx7tQLCd/8yYiZybZCGhWG62Kcytd9IUPk2gWQOe augnY0KpINzeNbDlO2zcq0CVVazVJ/TuIom524zO7JHtF54Pt71W5DZ0xXNXRYOW uWyWLCSHITKA4+Sli+zYBcn6YPwx6EeruNRqPvr/7z0naPQtFO8= =gtTe -----END PGP SIGNATURE-----
