Hi,

During the month of December 2022 and on behalf of Freexian, I worked on the following:

* DLA-3221-1, node-cached-path-relative (prototype pollution)
  https://lists.debian.org/msgid-search/y40yr8jdg8vmg...@debian.org
* DLA-3222-1, node-fetch (information leak)
  https://lists.debian.org/msgid-search/y4051d6z8ubq8...@debian.org
* DLA-3235-1, node-eventsource (information leak)
  https://lists.debian.org/msgid-search/y5xkdbpcbi9nq...@debian.org
* DLA 3237-1, node-tar (cache poisoning)
  https://lists.debian.org/msgid-search/y5c3modyc8ikj...@debian.org
* DLA 3252-1, cacti (RCE, information disclosure, authentication bypass)
  https://lists.debian.org/msgid-search/y7aabrsu1xbds...@debian.org
* DLA 3258-1, node-loader-utils (prototype pollution)
  https://lists.debian.org/msgid-search/Y7BiOJVHrQkW/o...@debian.org
* DLA 3260-1, node-xmldom (incomplete validation)
  https://lists.debian.org/msgid-search/y7g8qm4fn8hhg...@debian.org
  [That one was uploaded and the DLA published on Jan 1, but all the work was done the day before so I'm adding it here.]

Thanks to the sponsors for financing this, and to Freexian for coordinating!

--
Guilhem.