unsubscribe

On Sun, 15 Jan 2023 at 15:26, Guilhem Moulin <guil...@debian.org> wrote:
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3271-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                       Guilhem Moulin
> January 15, 2023                              https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package        : node-minimatch
> Version        : 3.0.4-3+deb10u1
> CVE ID         : CVE-2022-3517
>
> A Regular Expression Denial of Service (ReDoS) vulnerability was found
> in node-minimatch, a Node.js module used to convert glob expressions
> into RegExp objects, which could result in Denial of Service when
> calling the `braceExpand()` function with specific arguments.
>
> For Debian 10 buster, this problem has been fixed in version
> 3.0.4-3+deb10u1.
>
> We recommend that you upgrade your node-minimatch packages.
>
> For the detailed security status of node-minimatch please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/node-minimatch
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS