-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/ Yadd October 29, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : node-browserify-sign Version : 4.0.4-2+deb10u1 CVE ID : CVE-2023-46234 Debian Bug : 1054667 An upper bound check issue in `dsaVerify` function has been discovered in node-browserify-sign. This allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. For Debian 10 buster, this problem has been fixed in version 4.0.4-2+deb10u1. We recommend that you upgrade your node-browserify-sign packages. For the detailed security status of node-browserify-sign please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-browserify-sign Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmU91PsSHHguZ3VpbWFy ZEBmcmVlLmZyAAoJEPbXTKfJme7ppWwQAIdi0/jfbLyHLUgXY9ItHhe2egfqD+C1 4HrG3wNHmTStrExZWdBL5hKboiMVrrc3bGHDtABBC8GrCodaRLPSHeqi9OUNtvly tRiFN4/aMv9od3ANh7mWq4plX355Mn4UywH9vO4J3sJeOq8hF4GD6T1IvpeBatbr ZBnc+DKrrupKw1sMZ0UmoQvotmoPLzmwgdxkuh226+S/1MgEVvKvHG8gQ0gl5SZ3 NoU02Bwc8hrf5wrw2I1tYq8FPoMSyIHYQiPjG7XzE3flF5x1C8CltbmhIgBYFkjh fRYV9ZfmWL4LUnznbJhuHEd+yUQYrklW3VLS/ttFz/VHZDa1DLxnYXRck4albOfN f1IiNxGzLWj2HEQzpdYERXm0ZtUv2VmuO17V2npPO5TBy34Yd2qmgwI+SHf0eE7n utGYhWErQVrzEka7RI2PXbzZVWzzEhx/nAqM6O2sMuuql/CNhNtyYGk85GuZOu4n nBbpFQCr1iG2FCUpgtZd7ou6DYo0MiOlBH8eR/M21gRUPxZVxudDGB5eI9b6DbK6 Q+TG1QyR5WvIw+IHsMoobHjW16qmOr5QXY7Tw2TMc7QnKKNsaethBeyQ2NitGruW iUXl9lDnEdCCMs53qyq7zD2Efyc8HzewBTsxIj2IZeH/ArMSL5RXnLcYNTiUEV9l 0icW9IEmlxHN =w0we -----END PGP SIGNATURE-----
