Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
19260e91 by Salvatore Bonaccorso at 2022-04-30T09:21:51+02:00
Mark CVE-2022-29078/node-ejs as no-dsa
- - - - -
0323e19c by Salvatore Bonaccorso at 2022-04-30T09:23:18+02:00
Track proposed update for node-ejs via bullseye-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2435,6 +2435,8 @@ CVE-2022-29079
RESERVED
CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for
Node.js ...)
- node-ejs 3.1.7-1 (bug #1010359)
+ [bullseye] - node-ejs <no-dsa> (Minor issue; can be fixed via point
release)
+ [buster] - node-ejs <no-dsa> (Minor issue; can be fixed via point
release)
[stretch] - node-ejs <end-of-life> (Node not covered by security
support)
NOTE: https://eslam.io/posts/ejs-server-side-template-injection-rce/
NOTE:
https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf
(v3.1.7)
=====================================
data/next-point-update.txt
=====================================
@@ -54,3 +54,5 @@ CVE-2022-27405
[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
CVE-2022-27404
[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
+CVE-2022-29078
+ [bullseye] - node-ejs 2.5.7-3+deb11u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e6a9f5debf53a3a71988a73d981528424df2b9e...0323e19ccd83df57cd24c9db68a402960e510bb9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e6a9f5debf53a3a71988a73d981528424df2b9e...0323e19ccd83df57cd24c9db68a402960e510bb9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
