Package "libjs-moment"
Name: |
libjs-moment
|
Description: |
Work with dates in JavaScript (library)
|
Latest version: |
2.29.1+ds-3ubuntu0.2 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
universe |
Head package: |
node-moment |
Homepage: |
https://github.com/moment/moment |
Links
Download "libjs-moment"
Other versions of "libjs-moment" in Jammy
Changelog
node-moment (2.29.1+ds-3ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: Path traversal (LP: #1982617)
- debian/patches/CVE-2022-24785.patch: Avoid loading path-looking locales
from filesystem.
- CVE-2022-24785
* SECURITY UPDATE: Denial of service via very long date string (LP: #1982617)
- debian/patches/CVE-2022-31129.patch: Make a regular expression more
efficient.
- CVE-2022-31129
* debian/changelog: Add build dependency on libjs-qunit.
* debian/source/lintian-overrides: Remove, because all overrides are unused
or mismatched.
* debian/tests/control: Add dependency on libjs-qunit.
* debian/tests/pkg-js/test: Do a complete test.
-- Luís Infante da Câmara <email address hidden> Thu, 04 Aug 2022 09:27:56 +0100
|
1982617 |
Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129 |
CVE-2022-24785 |
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (serve |
CVE-2022-31129 |
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an ine |
|
About
-
Send Feedback to @ubuntu_updates