-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3386-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 06, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : grunt Version : 1.0.1-8+deb10u3 CVE ID : CVE-2022-0436 Debian Bug : 1009676 It was discovered that there was a potential path-traversal vulnerability in GruntJS, a multipurpose task runner and build system tool. This could have been exploited via malicious symlinks. For Debian 10 buster, this problem has been fixed in version 1.0.1-8+deb10u3. We recommend that you upgrade your grunt packages. For the detailed security status of grunt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grunt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmQulIwACgkQHpU+J9Qx HlgPpg//WEkim/eBKBrxVmT6IjsSuDWhtdbc8WSf5CjuBhx0UOXG9p0QPjNov/Xo HoG0KrUK4+UKvVHyKvMlOPLT1E1nAuS8ySxMbi1Ic7GWpcTdosed+0tfKkPnMQpO vnOHJqtJNPbgNrazF1Qz36Jt2QzXJtYrMAqtn7ECXFLSnpjQ/403bJGlNFLI3Xca M16Hf1ld3zuIESdzOsQ/DnBnA1KYhEDGBV2XYMns54MzONwx36poKVIzY2YrwOid u/0cNoG8OB0dEX8yLJkVB3xBS/FxOk99/XoTXqwqP3JbJ2v64B6OY2WN+Y2lNCNo gY/3WOXl1bKB7Goh9k1bgmhYSGf6dQauhFBAMzuX8x2aED6VsCLYKXshreiZRPXS NVZX8+wCF6DUYHbABlBQrReun/DVlE/Qgt+MJY69iyjYkIu4c41Q1Aq4PCAWNAs3 BqoRzDVflou2gY/VKIhFX2OggBP/wf0CPu9WVMOUjWbVm2tknsTgrX+1q4p7LYwG Wl/j5/vCpEPJRDx+6CL8x+JDXPJfSIfh6FXL+m9sRViNup8MBQiLzilQcW/+50z3 g13iJJferkdXxDjzl+oEMp55OX++funxtDJV+iyZh4NWv9edsI+8nQDB2dQ70CBI M6u8Qgv6EGD8mBaIC2Ip9TW8qgtCJV1KfKMRyi482Yj/dbU1Mzg= =1w/E -----END PGP SIGNATURE-----
