UbuntuUpdates.org

Package "node-moment"

Name: node-moment

Description:

Work with dates in JavaScript (Node.js module)
Latest version: 2.29.1+ds-3ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: universe
Homepage: https://github.com/moment/moment

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "node-moment"

All arch deb package
APT INSTALL

Other versions of "node-moment" in Jammy

Repository Area Version
base universe 2.29.1+ds-3
security universe 2.29.1+ds-3ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.29.1+ds-3ubuntu0.2 2022-08-10 15:06:20 UTC

  node-moment (2.29.1+ds-3ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Path traversal (LP: #1982617)
    - debian/patches/CVE-2022-24785.patch: Avoid loading path-looking locales
      from filesystem.
    - CVE-2022-24785
  * SECURITY UPDATE: Denial of service via very long date string (LP: #1982617)
    - debian/patches/CVE-2022-31129.patch: Make a regular expression more
      efficient.
    - CVE-2022-31129
  * debian/changelog: Add build dependency on libjs-qunit.
  * debian/source/lintian-overrides: Remove, because all overrides are unused
    or mismatched.
  * debian/tests/control: Add dependency on libjs-qunit.
  * debian/tests/pkg-js/test: Do a complete test.

 -- Luís Infante da Câmara <email address hidden> Thu, 04 Aug 2022 09:27:56 +0100
1982617 Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129
CVE-2022-24785 Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (serve
CVE-2022-31129 moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an ine


About   -   Send Feedback to @ubuntu_updates