diff options
author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-03-16 09:03:33 +0100 |
---|---|---|
committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-03-16 09:03:33 +0100 |
commit | 9cf1aae66224a5059ef981ca52fe53088a497dbe (patch) | |
tree | af0206ee713c784e65368bc716c5d6ce370fc2c1 | |
parent | 02e596b9ab402970b6536a73588a5e7176e3c4ca (diff) |
[SECURITY] [DSA 5373-1] node-sqlite3 security update
-rw-r--r-- | english/security/2023/dsa-5373.data | 13 | ||||
-rw-r--r-- | english/security/2023/dsa-5373.wml | 20 |
2 files changed, 33 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5373.data b/english/security/2023/dsa-5373.data new file mode 100644 index 00000000000..b1665b9b465 --- /dev/null +++ b/english/security/2023/dsa-5373.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5373-1 node-sqlite3</define-tag> +<define-tag report_date>2023-3-14</define-tag> +<define-tag secrefs>CVE-2022-43441</define-tag> +<define-tag packages>node-sqlite3</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5373.wml b/english/security/2023/dsa-5373.wml new file mode 100644 index 00000000000..956de3612cd --- /dev/null +++ b/english/security/2023/dsa-5373.wml @@ -0,0 +1,20 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>Dave McDaniel discovered that the SQLite3 bindings for Node.js were +susceptible to the execution of arbitrary JavaScript code if a binding +parameter is a crafted object.</p> + +<p>For the stable distribution (bullseye), this problem has been fixed in +version 5.0.0+ds1-1+deb11u2.</p> + +<p>We recommend that you upgrade your node-sqlite3 packages.</p> + +<p>For the detailed security status of node-sqlite3 please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/node-sqlite3">\ +https://security-tracker.debian.org/tracker/node-sqlite3</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5373.data" +# $Id: $ |