Publishing details

Published on 2023-03-27
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Amir Naseredini

Changelog

node-url-parse (1.4.7-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Authorization Bypass
    - debian/patches/CVE-2022-0512[1-7].patch: fixed improper input handeling
      in node-url-parse for input containing the at sign.
    - debian/patches/CVE-2022-0639[1-2].patch: fixed improper input handeling
      in node-url-parse in toString function.
    - debian/patches/CVE-2022-0686[1-7].patch: fixed improper input handeling
      in node-url-parse when input contains specified but empty port.
    - debian/patches/CVE-2022-0691[1-2].patch: fixed improper input handeling
      in node-url-parse for input containing URL beginning with control
      characters.
    - CVE-2022-0512
    - CVE-2022-0639
    - CVE-2022-0686
    - CVE-2022-0691
  * SECURITY UPDATE: Open Redirect, SSRF, and DoS
    - debian/patches/CVE-2021-27515.patch: fixed improper input handeling
      in node-url-parse for input containing backslash.
    - debian/patches/CVE-2021-3664[1-5].patch: fixed improper input handeling
      in node-url-parse for input containing backslash.
    - CVE-2021-27515
    - CVE-2021-3664

 -- Amir Naseredini <email address hidden>  Thu, 23 Mar 2023 12:49:27 +0000

Available diffs

diff from 1.4.7-3 (in Debian) to 1.4.7-3ubuntu0.1 (14.3 KiB)

Builds

amd64

Built packages

node-url-parse Parse URL in node using the URL module and in the browser using the DOM

Package files

node-url-parse_1.4.7-3ubuntu0.1.debian.tar.xz (33.7 KiB)
node-url-parse_1.4.7-3ubuntu0.1.dsc (2.2 KiB)
node-url-parse_1.4.7-3ubuntu0.1_all.deb (19.1 KiB)
node-url-parse_1.4.7.orig.tar.gz (14.9 KiB)