From: Moritz Muehlenhoff
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5373-1] node-sqlite3 security update
Date: Tue, 14 Mar 2023 22:50:01 +0100
List-Archive: https://lists.debian.org/msgid-search/ZBDrsgOYr/6GYwNB@seger.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-5373-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 14, 2023                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : node-sqlite3
CVE ID         : CVE-2022-43441

Dave McDaniel discovered that the SQLite3 bindings for Node.js were
susceptible to the execution of arbitrary JavaScript code if a binding
parameter is a crafted object.

For the stable distribution (bullseye), this problem has been fixed in
version 5.0.0+ds1-1+deb11u2.

We recommend that you upgrade your node-sqlite3 packages.

For the detailed security status of node-sqlite3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-sqlite3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
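
One application-side guard against the condition the advisory describes (a binding parameter that arrives as an object instead of a scalar), shown as an added example that is not part of the advisory or of node-sqlite3. The function names and the allow-list of scalar kinds are assumptions, and the guard complements the package upgrade rather than replacing it.

```javascript
// Added example: allow-list the values an application passes as SQL bind
// parameters. Names and the allow-list are assumptions, not node-sqlite3 API.

// Scalar kinds the application is willing to bind (assumed allow-list).
function isSafeScalar(v) {
  if (v === null) return true;
  switch (typeof v) {
    case 'string':
    case 'boolean':
      return true;
    case 'number':
      return Number.isFinite(v);
    default:
      // Objects, arrays, functions, symbols and undefined all land here;
      // only a Buffer (for BLOB columns) is let through.
      return Buffer.isBuffer(v);
  }
}

// Validate the container handed to db.run/get/all: an array of positional
// values or a plain object of named values. Throws TypeError otherwise.
function assertSafeBindParams(params) {
  if (Array.isArray(params)) {
    params.forEach((v, i) => {
      if (!isSafeScalar(v)) throw new TypeError(`bind parameter [${i}] is not a scalar`);
    });
    return params;
  }
  const isObj = params !== null && typeof params === 'object';
  const proto = isObj ? Object.getPrototypeOf(params) : undefined;
  if (proto !== Object.prototype && proto !== null) {
    throw new TypeError('bind parameters must be an array or a plain object');
  }
  for (const key of Object.keys(params)) {
    if (!isSafeScalar(params[key])) throw new TypeError(`bind parameter ${key} is not a scalar`);
  }
  return params;
}

// Constructed sample: a JSON request body can carry an object where the
// handler expected a string, so the parsed field is checked before binding.
function classify(jsonBody) {
  try {
    assertSafeBindParams([JSON.parse(jsonBody).name]);
    return 'accepted';
  } catch (e) {
    return 'rejected';
  }
}
```

Call `assertSafeBindParams` on the parameter array or object immediately before each `db.run`, `db.get` or `db.all` call that binds request-derived values.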