[ubuntu/bionic-security] node-url-parse 1.2.0-1ubuntu0.1 (Accepted)

Mon Mar 27 15:01:24 UTC 2023

node-url-parse (1.2.0-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Authorization Bypass
    - debian/patches/CVE-2022-0512[1-7].patch: fixed improper input handeling 
      in node-url-parse for input containing the at sign.
    - debian/patches/CVE-2022-0639[1-2].patch: fixed improper input handeling 
      in node-url-parse in toString function.
    - debian/patches/CVE-2022-0686[1-7].patch: fixed improper input handeling 
      in node-url-parse when input contains specified but empty port.
    - debian/patches/CVE-2022-0691[1-4].patch: fixed improper input handeling 
      in node-url-parse for input containing URL beginning with control
      characters.
    - CVE-2022-0512
    - CVE-2022-0639
    - CVE-2022-0686
    - CVE-2022-0691
  * SECURITY UPDATE: Open Redirect, SSRF, and DoS
    - debian/patches/CVE-2018-3774[1-4].patch: fixed improper input handeling
      in node-url-parse when cerain carafted hostnames.
    - debian/patches/CVE-2021-27515[1-2].patch: fixed improper input handeling 
      in node-url-parse for input containing backslash.
    - debian/patches/CVE-2021-3664[1-5].patch: fixed improper input handeling 
      in node-url-parse for input containing backslash.
    - CVE-2018-3774
    - CVE-2021-27515
    - CVE-2021-3664
  * SECURITY UPDATE: Bypass Input Validation
    - debian/patches/CVE-2020-8124.patch: fixed improper input handeling
      in node-url-parse when using in the browser.
    - CVE-2020-8124

Date: 2023-03-23 14:40:13.426353+00:00
Changed-By: Amir Naseredini <amir.naseredini at canonical.com>
https://launchpad.net/ubuntu/+source/node-url-parse/1.2.0-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.