Source: node-pbkdf2 Version: 3.1.2-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for node-pbkdf2. CVE-2025-6547[0]: | Improper Input Validation vulnerability in pbkdf2 allows Signature | Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-6547 https://www.cve.org/CVERecord?id=CVE-2025-6547 [1] https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59 [2] https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
