UbuntuUpdates.org

Package "libjs-moment"

Name: libjs-moment

Description:

Work with dates in JavaScript (library)

Latest version: 2.24.0+ds-2ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: node-moment
Homepage: https://github.com/moment/moment

Links


Download "libjs-moment"


Other versions of "libjs-moment" in Focal

Repository Area Version
base universe 2.24.0+ds-2
updates universe 2.24.0+ds-2ubuntu0.1

Changelog

Version: 2.24.0+ds-2ubuntu0.1 2022-08-10 14:06:19 UTC

  node-moment (2.24.0+ds-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Path traversal (LP: #1982617)
    - debian/patches/CVE-2022-24785.patch: Avoid loading path-looking locales
      from filesystem.
    - CVE-2022-24785
  * SECURITY UPDATE: Denial of service via very long date string (LP: #1982617)
    - debian/patches/CVE-2022-31129.patch: Make a regular expression more
      efficient.
    - CVE-2022-31129
  * debian/control: Add build dependency on libjs-qunit.
  * debian/tests/pkg-js/test: New file that invokes the upstream test suite.
    This addresses the Lintian warnings.

 -- Luís Infante da Câmara <email address hidden> Thu, 04 Aug 2022 07:50:50 +0100

1982617 Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129
CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (serve
CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an ine



About   -   Send Feedback to @ubuntu_updates