Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted node-qs 6.5.2-1+deb10u1 (source) into oldstable
Date: Mon, 30 Jan 2023 21:30:21 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Jan 2023 21:28:37 +0100
Source: node-qs
Architecture: source
Version: 6.5.2-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 node-qs (6.5.2-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-24999: Prototype poisoning vulnerability.  qs allows for instance
     the creation of array-like objects by setting an Array in the `__ proto__`
     property; the resulting Objects inherit the `Array` prototype, thereby
     exposing native Array functions.
Checksums-Sha1:
 42a5e5403994547ecc803c18c0d0439ff2db3556 1988 node-qs_6.5.2-1+deb10u1.dsc
 6c80d815df84e0bb2fd4e486cc0d7279d7998bcb 23602 node-qs_6.5.2.orig.tar.gz
 2080c6d1fd22ac260f9a0bef8b615920ad229bfc 4204 node-qs_6.5.2-1+deb10u1.debian.tar.xz
 bca55e265e5b842a32c8e416a6a48a1239dda53a 5751 node-qs_6.5.2-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 75773e8e44b6e82e6cbf4bf46610379ff072b09404c6b98b1aba2aacde1b1367 1988 node-qs_6.5.2-1+deb10u1.dsc
 7834ea513688f96bfe73b00a3caced38f7ee3a6b68584b67cd93dd987251db40 23602 node-qs_6.5.2.orig.tar.gz
 9f302ddc07e1eb537f3305fcb74150ec0990063b45c41b4f062de1ecd77b0b07 4204 node-qs_6.5.2-1+deb10u1.debian.tar.xz
 98c0bf8483b84492e65d19c4dce79b0b4276ef563013cb64a9b3527f25ae2789 5751 node-qs_6.5.2-1+deb10u1_amd64.buildinfo
Files:
 267abcf740492a4831d853bd8b27e12e 1988 javascript optional node-qs_6.5.2-1+deb10u1.dsc
 cf8d7a41b09a362b51539bb14b17ad5b 23602 javascript optional node-qs_6.5.2.orig.tar.gz
 8fd22e9081832234adc4b4d0838b8e5a 4204 javascript optional node-qs_6.5.2-1+deb10u1.debian.tar.xz
 0a3a38a9a6b86974938f33df5ddcab83 5751 javascript optional node-qs_6.5.2-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmPYKKEACgkQ05pJnDwh
pVKQLRAAjGp1PepPqZyIt1W9ypk7yVZLtYgDjjg9lBxOnKwkNoZRSesDxaFLJCv4
EJ7E470U2S66kXCJ8+ui5TEwKLF/ukIpO8UnjAaR3XtjZ8DyrldLvmJ1apCjONpv
C8D64seYGP9/7H8Lt0X0r0uqlbn0pJtTBlwwew1eqzI5ftPh7MwKoEde6B8C5U34
h/ZSmEdZDVK7DZs9ZMDTAfsno32vxJzQo7ZM0hop3DWVGM0/0vE61QDp2tjZLZqK
nMitneFTx7J364wMKZqAXNvh6gvkZyrplq8quq0LvPpGgYZYvgxNetob2aPkP5/h
SU1Nk/JVfOtLMg68FeSXGnjVAM6glq36cJrwuU5lD6DFu1oLKbCeWL2Bta8M6qY2
MVoUPDKK2GndsCeL8YGOkr+pGyM6dpX1GCEEE5plY0k2hLtEcPZirH2zKwVbhFzs
FguZDH66rOLPTPxQwlagNwC/gZtM5kujCiSPAK2w+SoVTqZ6TIIP5ERXC79JR6nF
DDCdUBc9OG2Y/FUkFhOpFyw+tRxUkkd5u4zAavwvtoE6c516NbCHmEvClPjt8+9u
uSV0zBzng3ncO6ytR5PmVqqaekvB9gQ1KF5wP5OIiVBWqF4o5vZaMp3v9kdMUL4v
9JYqyWL4BTAE69KvFAcbGZSokxEjuGiq3VXDyfyYoKnECa8lzL0=
=Q26B
-----END PGP SIGNATURE-----

News for package node-qs