Debian-LTS has issued an advisory today (December 7): https://www.debian.org/lts/security/2022/dla-3228 The issue is fixed upstream in 0.4.0. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 0.4.0
This pkg has been quiet since it was introduced over 4y ago! Assigning this update to its registered maintainer Stig.
Assignee: bugsquad => smelror
Advisory
========

CVE-2021-3918: node-json-schema, JSON Schema validation and specifications, was vulnerable to Improperly Controlled Modification of Object Prototype Attributes.

References
==========

https://nvd.nist.gov/vuln/detail/CVE-2021-3918

Files
=====

Uploaded to core/updates_testing

nodejs-json-schema-0.2.3-3.1.mga8

from nodejs-json-schema-0.2.3-3.1.mga8.src.rpm
Assignee: smelror => qa-bugs
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
CC: (none) => smelror
Status comment: Fixed upstream in 0.4.0 => (none)
MGA8-64 MATE on Acer Aspire 5253

No installation issues.

No wiki, no previous updates, so searching

# urpmq --whatrequires nodejs-json-schema
nodejs-json-schema
nodejs-jsprim

# urpmq --whatrequires-recursive nodejs-json-schema
nodejs-http-signature
nodejs-json-schema
nodejs-jsprim
nodejs-request

This all looks developer's territory to me, so I OK on clean install, unless someone jumps in with better ideas.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating. Advisory in comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0463.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED