UbuntuUpdates.org

Package "node-moment"

Name: node-moment

Description:

Work with dates in JavaScript (Node.js module)
Latest version: 2.20.1+ds-1ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://github.com/moment/moment

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "node-moment"

All arch deb package
APT INSTALL

Other versions of "node-moment" in Bionic

Repository Area Version
base universe 2.20.1+ds-1
updates universe 2.20.1+ds-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.20.1+ds-1ubuntu0.1 2022-08-10 14:06:17 UTC

  node-moment (2.20.1+ds-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Path traversal (LP: #1982617)
    - debian/patches/CVE-2022-24785.patch: Avoid loading path-looking locales
      from filesystem.
    - CVE-2022-24785
  * SECURITY UPDATE: Denial of service via very long date string (LP: #1982617)
    - debian/patches/CVE-2022-31129.patch: Make a regular expression more
      efficient.
    - CVE-2022-31129
  * debian/control: Add a build dependency on libjs-qunit.
  * debian/rules: Add an override_dh_auto_test target that invokes
    debian/run_test_suite.
  * debian/run_test_suite: New file that invokes the upstream test suite.

 -- Luís Infante da Câmara <email address hidden> Fri, 22 Jul 2022 22:08:31 +0100
1982617 Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129
CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (serve
CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an ine


About   -   Send Feedback to @ubuntu_updates