[ubuntu/focal-updates] node-json5 0.5.1-3ubuntu0.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Apr 30 08:58:06 UTC 2024

node-json5 (0.5.1-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Prototype pollution in object returned by JSON5.parse
    - debian/patches/cve-2022-46175.diff: use Object.defineProperty instead of
      direct property assignment to stop __proto__ from being treated specially
      in lib/json5.js; unit test in test/testproto.js.
    - CVE-2022-46175

Date: 2024-04-26 14:09:19.082049+00:00
Changed-By: Luci Stanescu <luci.stanescu at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list