Accepted node-json5 0.5.1-1+deb10u1 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted node-json5 0.5.1-1+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 22 Nov 2023 22:10:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: node-json5_0.5.1-1+deb10u1_source.changes
- Debian-source: node-json5
- Debian-suite: oldoldstable
- Debian-version: 0.5.1-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=s0wEhQ2C9iz9qRqtxRbR0hhobqlKwOK9zqvWzcnpYQc=; b=Yftv6nAUF3hle987odNEEGfYDg MIHrcCjwLPasWdI6M+tVAmOI6OZYqvzfZSne16Q72GZTig/76lpqTrxtpC97Eg1WKOF4RNcJ7QnHb oY1nr8NwSk+Lxc+gAqPgydv7s2xECTAhtPrpOr/oel6Yccg8HzZsTaLH0KrRxpBQWp+zINT9yOy+T 85U5xX+T3rfUQ7w4fIGDqouqItpp21gSpl6rHp+7GDlfZ0seNnKCsqIWsC4/pnbc4ZpVFZ4EmCSSR MdeD3JtHFcKX8w4QZDGc+bDlKdR3pntk3O2d1FWsLuSJvuLYvURJTbiKuv4whX6BDo2KHNbtH184Q ErZ9eAbQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1r5vQL-00GqQK-Gb@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Nov 2023 21:48:35 +0000
Source: node-json5
Architecture: source
Version: 0.5.1-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
node-json5 (0.5.1-1+deb10u1) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2022-46175: The `parse` method of the JSON5
library does not restrict parsing of keys named
`__proto__`, allowing specially crafted strings to
pollute the prototype of the resulting object
Checksums-Sha1:
73e9bad68f68ed95c6e82ab815dfd273c65545f7 2070 node-json5_0.5.1-1+deb10u1.dsc
ca188312413baa0d7b5af8920ca35a7a15a37417 20034 node-json5_0.5.1.orig.tar.gz
1684f51c7eb952c7a57633ecfc670cdf380339e4 9288 node-json5_0.5.1-1+deb10u1.debian.tar.xz
b96478854c1b01a9fd05c1cfc0b6c0b2cdbe0d59 7104 node-json5_0.5.1-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
a1cbf4a0939efb8b332abc4f250e4760a914be77a4863ddf210b33c830ae078d 2070 node-json5_0.5.1-1+deb10u1.dsc
3618908ccc9038ecbd5e11b8e20f38246a2527778b3a38c8814d499aa05e206e 20034 node-json5_0.5.1.orig.tar.gz
dfe2120ba86a270e5014a66342381add28dbdbabaf1b1687fdcda136cef0ac45 9288 node-json5_0.5.1-1+deb10u1.debian.tar.xz
3298d17a8d1c145ee4ee266283e704de4665a958184d0460d86c2d5ba2e1cbd1 7104 node-json5_0.5.1-1+deb10u1_amd64.buildinfo
Files:
d358e565d0ab911b2deec9ab7e8f638d 2070 javascript optional node-json5_0.5.1-1+deb10u1.dsc
4cdb1f68a67ce3d1118e840ebf6711af 20034 javascript optional node-json5_0.5.1.orig.tar.gz
2736480b2ee67da6ff10c810f0f474d3 9288 javascript optional node-json5_0.5.1-1+deb10u1.debian.tar.xz
ebe2b1c0a0d8c36221d602b819839d50 7104 javascript optional node-json5_0.5.1-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVed9cRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9jeRAAk7tOCbuwX0NGSpUvhunLGsHOO2Mu5ksh
FujY/5/p3P7wq0TP8gabVM984zL+2po37L/AmslLAjAIh8bMapptWO1pue4QVu5G
1otBOxpYNwvsxrRXsejq7R1uSw1KjDJy11yV0uafJPCm66+jonYwcge4D/L+Hc9P
tN9hNliPWc6zL3+0k3J8QdjRj54Z7Pr+wC62XFk/c8r8dDeDWF2wCdfj54hlG8QB
Sg0jmpJKQcQNBjGNpKjPPpBjrGFiGImSeb3+SvMAT8Qvymkzs03T5QcT36P1tgKv
3UBbDB2v5O0YZFKibWznLmr4lQEaLI5VxA3P9cUB+5fxkPkPQz2VcFEYcNtSW1Fk
Opv1fpI23BMbBFYodZyjkmJDMTtfX3q4GHbkuZ9peHfAZLO/cEXhj4T2pnC+N8+f
Oyh7HJ7TkzXPi6FhJ2MmEDlsR4AoVp7THWRZBh2rLUrIaTuKhE7L2G6zqu7Bljdh
fn/OjJ2u8cyq6zImoS8pZpZAInqzJkKLsnTJ/bHq8NaB8oIr1akQ9QEZLCCSK0nP
B0Wkf9xFCJ3Zr+A6rtOtn0YnygYb66TZ7TKWu5CsDw1dhFiO39ipbzcNnPRv4AQw
vVQ/ITijjx9ih1Y5po/UIbtxQ/T8xYiwyaQ8YVxBmYMpUs0OA/IaOUKbNKnokwSn
R7lGExw1wXo=
=D+F7
-----END PGP SIGNATURE-----