[ubuntu/focal-updates] node-moment 2.24.0+ds-2ubuntu0.1 (Accepted)

Wed Aug 10 12:58:17 UTC 2022

node-moment (2.24.0+ds-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Path traversal (LP: #1982617)
    - debian/patches/CVE-2022-24785.patch: Avoid loading path-looking locales
      from filesystem.
    - CVE-2022-24785
  * SECURITY UPDATE: Denial of service via very long date string (LP: #1982617)
    - debian/patches/CVE-2022-31129.patch: Make a regular expression more
      efficient.
    - CVE-2022-31129
  * debian/control: Add build dependency on libjs-qunit.
  * debian/tests/pkg-js/test: New file that invokes the upstream test suite.
    This addresses the Lintian warnings.

Date: 2022-08-10 06:27:11.668956+00:00
Changed-By: Luís Cunha dos Reis Infante da Câmara <luis.infante.da.camara at tecnico.ulisboa.pt>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/node-moment/2.24.0+ds-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.