|
|
Log in / Subscribe / Register

Debian alert DLA-2698-1 (node-bl)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2698-1] node-bl security update


Date:
              Wed, 30 Jun 2021 22:11:23 +0000


Message-ID:
              <alpine.DEB.2.21.2106302206570.3405@postfach.intern.alteholz.me>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2698-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
July 01, 2021                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-bl
Version        : 1.1.2-1+deb9u1
CVE ID         : CVE-2020-8244


An issue has been found in node-bl, a Node.js module to access multiple 
buffers with Buffer interface.
Due to a buffer over-read, uninitialized memory might be exposed by 
providing crafted user input.


For Debian 9 stretch, this problem has been fixed in version
1.1.2-1+deb9u1.

We recommend that you upgrade your node-bl packages.

For the detailed security status of node-bl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-bl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmDc7AtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdmYhAAhQZZkIwKMkP2oTG2252fkVezwD/qzHUe6Z81uo7FDng76InPTTlXPS8C
GMzQA8JqCcq0WPcR2XWwZJHLzcO71yNVd/EqyjE2+ONLV7vMAVsE25UqWjZ9ZC4o
J4JEWgUfrqH2isVw+KYuwWBemLqMJ4czAIrTWQCF6MKNAobhQQvvh5C+gE04Drn0
34NTq9S6yIqmeZsrDexktUbvlppScCZZIHMBjkZJm72kOp6wdfbUAtGGfRxP0Uyc
LSK0ILtjZId7Tl8ZdzI8dZm6I5HmDr0M+Tfvkb74o2vTbAh/JBbK5VOuQTD2qpyM
zOAsM9QMaPVmGs/D1YBm8GXuNomQa5/K7ZFL3bBC7d6s+5YXhKAfr6KCi9RvMDa6
VvsRlqIeqXTDX3knp+NoZH5QVgne/ece0kvkJSh7k/QHl7Wur4Pnc2wDEu2dZDKm
qX2QPI1PUxPMTO3Bya1DB9kBd8Qi4gRuZLyYJJOvDWZhb7CBtTWJ5Z/Msq6UFbPy
Mj5QGKxss6QeRgCkwwrmypzJes8GuHGbUVD/0IYmpOkWxSj8xF/cnAGX2OCIkOmp
fV7K16abK+yoatkYJ2qEe6BRWoYTiDJtEubwgN9x2h41qb8nL1Xwxwo8I8PKe2LV
ym37IZxg/4BOWx5kjDGGSc9R5WpKNpq7upBbddi9KvCTljt+9qU=
=IpgJ
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds