Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: af25ae6a by Sylvain Beucler at 2022-11-11T12:20:38+01:00 CVE-2022-21227/node-sqlite3: buster not-affected - - - - - cfa302c1 by Sylvain Beucler at 2022-11-11T12:27:46+01:00 CVE-2021-33623/node-trim-newlines: reference patches - - - - - fea4d7f9 by Sylvain Beucler at 2022-11-11T12:34:30+01:00 dla: add NodeJS packages with bullseye-pu to backport - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -55390,11 +55390,12 @@ CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. Wh CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Service ( ...) - node-sqlite3 5.0.6+ds1-1 [bullseye] - node-sqlite3 5.0.0+ds1-1+deb11u1 - [buster] - node-sqlite3 <no-dsa> (minor issue) + [buster] - node-sqlite3 <not-affected> (Vulnerable code introduced later) [stretch] - node-sqlite3 <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://github.com/advisories/GHSA-9qrh-qjmc-5w2p NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a (v5.0.3) NOTE: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645 + NOTE: Introduced by: https://github.com/TryGhost/node-sqlite3/commit/dd3ef522088bb5cafede25b9fe661f892b6f10ba (v5.0.0) CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable to Comman ...) NOT-FOR-US: cocoapods-downloader CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular Expression ...) 
@@ -104866,6 +104867,8 @@ CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for [buster] - node-trim-newlines <no-dsa> (Minor issue) [stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v + NOTE: https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91 (v4.0.1) + NOTE: https://github.com/sindresorhus/trim-newlines/commit/b10d5f4afef832b16bc56d49fc52c68cbd403869 (v3.0.1) CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...) [experimental] - singularity-container 3.9.4+ds2-1 - singularity-container 3.9.5+ds1-2 (bug #990201) ===================================== data/dla-needed.txt ===================================== 
@@ -164,12 +164,68 @@ netatalk NOTE: 20220816: Programming language: C. NOTE: 20220912: We get errors in the log, not present on bookworm. Needs more investigation. (stefanor) -- +node-cached-path-relative + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk) +-- node-css-what NOTE: 20221031: Programming language: Javascript. -- +node-eventsource + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk) +-- +node-fetch + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk) +-- +node-follow-redirects + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk) +-- +node-got + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk) +-- +node-json-schema + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.2 (Beuc/front-desk) +-- +node-loader-utils + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: upcoming bullseye PU https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023798 (Beuc/front-desk) +-- +node-log4js + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.5 (Beuc/front-desk) +-- +node-moment + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk) +-- +node-nth-check + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk) +-- +node-object-path + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk) +-- +node-set-value + NOTE: 20221111: Programming language: JavaScript. 
+ NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk) +-- node-tar NOTE: 20220907: Programming language: JavaScript. -- +node-trim-newlines + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk) +-- +node-url-parse + NOTE: 20221111: Programming language: JavaScript. + NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk) +-- nodejs NOTE: 20221105: Programming language: Javascript, C/C++, Python NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ed88d9e44bbe54b8b4497a912af00a1d1acab7c6...fea4d7f9f38f203364dfb0401cef272a94a55a86 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ed88d9e44bbe54b8b4497a912af00a1d1acab7c6...fea4d7f9f38f203364dfb0401cef272a94a55a86 You're receiving this email because of your account on salsa.debian.org.
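Review bot: The new "[buster] - node-sqlite3 <not-affected> (Vulnerable code introduced later)" line in the CVE-2022-21227 hunk does not record which node-sqlite3 version buster ships, so the claim cannot be checked against the added "Introduced by:" commit (v5.0.0) from the entry alone. Consider stating the buster version in the justification, and placing the "Introduced by:" NOTE directly next to "Fixed by:" rather than after the Snyk reference, so the affected range (v5.0.0 up to the v5.0.3 fix) reads in one place.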
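Review bot: In the CVE-2021-33623 hunk the two added NOTE lines are bare commit URLs followed only by a version tag, while the CVE-2022-21227 entry changed in the same push labels its commits "Fixed by:" and "Introduced by:". Prefix both lines with "Fixed by:" so it is clear that these are the fix commits for the 4.x (v4.0.1) and 3.x (v3.0.1) branches and not general references.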
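Review bot: The entries added to data/dla-needed.txt say only "Follow fixes from bullseye 11.x" and name neither the CVE ids nor the bullseye package version to backport from, so whoever claims a package has to reconstruct the list from the point release; "check postponed issues" on node-url-parse and "upcoming bullseye PU" on node-loader-utils leave the same gap. Listing the CVE ids per entry would make each one self-contained. Minor style point: the new entries spell "JavaScript" while the unchanged node-css-what and nodejs context lines use "Javascript".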