-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 19 Nov 2023 21:48:35 +0000 Source: node-json5 Architecture: source Version: 0.5.1-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Changes: node-json5 (0.5.1-1+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2022-46175: The `parse` method of the JSON5 library does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object Checksums-Sha1: 73e9bad68f68ed95c6e82ab815dfd273c65545f7 2070 node-json5_0.5.1-1+deb10u1.dsc ca188312413baa0d7b5af8920ca35a7a15a37417 20034 node-json5_0.5.1.orig.tar.gz 1684f51c7eb952c7a57633ecfc670cdf380339e4 9288 node-json5_0.5.1-1+deb10u1.debian.tar.xz b96478854c1b01a9fd05c1cfc0b6c0b2cdbe0d59 7104 node-json5_0.5.1-1+deb10u1_amd64.buildinfo Checksums-Sha256: a1cbf4a0939efb8b332abc4f250e4760a914be77a4863ddf210b33c830ae078d 2070 node-json5_0.5.1-1+deb10u1.dsc 3618908ccc9038ecbd5e11b8e20f38246a2527778b3a38c8814d499aa05e206e 20034 node-json5_0.5.1.orig.tar.gz dfe2120ba86a270e5014a66342381add28dbdbabaf1b1687fdcda136cef0ac45 9288 node-json5_0.5.1-1+deb10u1.debian.tar.xz 3298d17a8d1c145ee4ee266283e704de4665a958184d0460d86c2d5ba2e1cbd1 7104 node-json5_0.5.1-1+deb10u1_amd64.buildinfo Files: d358e565d0ab911b2deec9ab7e8f638d 2070 javascript optional node-json5_0.5.1-1+deb10u1.dsc 4cdb1f68a67ce3d1118e840ebf6711af 20034 javascript optional node-json5_0.5.1.orig.tar.gz 2736480b2ee67da6ff10c810f0f474d3 9288 javascript optional node-json5_0.5.1-1+deb10u1.debian.tar.xz ebe2b1c0a0d8c36221d602b819839d50 7104 javascript optional node-json5_0.5.1-1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVed9cRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF9jeRAAk7tOCbuwX0NGSpUvhunLGsHOO2Mu5ksh FujY/5/p3P7wq0TP8gabVM984zL+2po37L/AmslLAjAIh8bMapptWO1pue4QVu5G 1otBOxpYNwvsxrRXsejq7R1uSw1KjDJy11yV0uafJPCm66+jonYwcge4D/L+Hc9P tN9hNliPWc6zL3+0k3J8QdjRj54Z7Pr+wC62XFk/c8r8dDeDWF2wCdfj54hlG8QB Sg0jmpJKQcQNBjGNpKjPPpBjrGFiGImSeb3+SvMAT8Qvymkzs03T5QcT36P1tgKv 3UBbDB2v5O0YZFKibWznLmr4lQEaLI5VxA3P9cUB+5fxkPkPQz2VcFEYcNtSW1Fk Opv1fpI23BMbBFYodZyjkmJDMTtfX3q4GHbkuZ9peHfAZLO/cEXhj4T2pnC+N8+f Oyh7HJ7TkzXPi6FhJ2MmEDlsR4AoVp7THWRZBh2rLUrIaTuKhE7L2G6zqu7Bljdh fn/OjJ2u8cyq6zImoS8pZpZAInqzJkKLsnTJ/bHq8NaB8oIr1akQ9QEZLCCSK0nP B0Wkf9xFCJ3Zr+A6rtOtn0YnygYb66TZ7TKWu5CsDw1dhFiO39ipbzcNnPRv4AQw vVQ/ITijjx9ih1Y5po/UIbtxQ/T8xYiwyaQ8YVxBmYMpUs0OA/IaOUKbNKnokwSn R7lGExw1wXo= =D+F7 -----END PGP SIGNATURE-----