Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 19260e91 by Salvatore Bonaccorso at 2022-04-30T09:21:51+02:00 Mark CVE-2022-29078/node-ejs as no-dsa - - - - - 0323e19c by Salvatore Bonaccorso at 2022-04-30T09:23:18+02:00 Track proposed update for node-ejs via bullseye-pu - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== @@ -2435,6 +2435,8 @@ CVE-2022-29079 RESERVED CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js ...) - node-ejs 3.1.7-1 (bug #1010359) + [bullseye] - node-ejs <no-dsa> (Minor issue; can be fixed via point release) + [buster] - node-ejs <no-dsa> (Minor issue; can be fixed via point release) [stretch] - node-ejs <end-of-life> (Node not covered by security support) NOTE: https://eslam.io/posts/ejs-server-side-template-injection-rce/ NOTE: https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf (v3.1.7) ===================================== data/next-point-update.txt ===================================== @@ -54,3 +54,5 @@ CVE-2022-27405 [bullseye] - freetype 2.10.4+dfsg-1+deb11u1 CVE-2022-27404 [bullseye] - freetype 2.10.4+dfsg-1+deb11u1 +CVE-2022-29078 + [bullseye] - node-ejs 2.5.7-3+deb11u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e6a9f5debf53a3a71988a73d981528424df2b9e...0323e19ccd83df57cd24c9db68a402960e510bb9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e6a9f5debf53a3a71988a73d981528424df2b9e...0323e19ccd83df57cd24c9db68a402960e510bb9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits