Debian Patches
Status for node-sqlite3/5.0.0+ds1-1+deb11u2
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
disable-hard-test.patch | disable hard test that requires too much resources | Xavier Guimard <yadd@debian.org> | no | | | 2019-01-24 |
CVE-2022-21227.patch | fix segfault of invalid toString() object | Kewde <kewde@particl.io> | not-needed | upstream | upstream, https://github.com/TryGhost/node-sqlite3/commit/593c9d49 | 2022-05-01 |
CVE-2022-43441.patch | Fixed code execution vulnerability due to Object coercion - when you call `ToString()` on `Napi::Value`, it calls `napi_coerce_to_string` underneath, which has the ability to run arbitrary JS code if the passed in value is a crafted object - both remote code execution or denial-of-service are possible via this vulnerability - `toString()` on an Object returns `[object Object]` so instead of calling the function, we're going to hardcode it to prevent this issue. Credits: Dave McDaniel of Cisco Talos | Daniel Lockyer <hi@daniellockyer.com> | not-needed | upstream | upstream, https://github.com/TryGhost/node-sqlite3/commit/edb1934d | 2023-03-14 |
All known versions for source package 'node-sqlite3'
- 5.1.5+ds1-1 (trixie, bookworm, sid)
- 5.0.0+ds1-1+deb11u2 (bullseye, bullseye-security)