Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af25ae6a by Sylvain Beucler at 2022-11-11T12:20:38+01:00
CVE-2022-21227/node-sqlite3: buster not-affected

- - - - -
cfa302c1 by Sylvain Beucler at 2022-11-11T12:27:46+01:00
CVE-2021-33623/node-trim-newlines: reference patches

- - - - -
fea4d7f9 by Sylvain Beucler at 2022-11-11T12:34:30+01:00
dla: add NodeJS packages with bullseye-pu to backport

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55390,11 +55390,12 @@ CVE-2022-21230 (This affects all versions of package 
org.nanohttpd:nanohttpd. Wh
 CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of 
Service ( ...)
        - node-sqlite3 5.0.6+ds1-1
        [bullseye] - node-sqlite3 5.0.0+ds1-1+deb11u1
-       [buster] - node-sqlite3 <no-dsa> (minor issue)
+       [buster] - node-sqlite3 <not-affected> (Vulnerable code introduced 
later)
        [stretch] - node-sqlite3 <end-of-life> (Nodejs in stretch not covered 
by security support)
        NOTE: https://github.com/advisories/GHSA-9qrh-qjmc-5w2p
        NOTE: Fixed by: 
https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a
 (v5.0.3)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
+       NOTE: Introduced by: 
https://github.com/TryGhost/node-sqlite3/commit/dd3ef522088bb5cafede25b9fe661f892b6f10ba
 (v5.0.0)
 CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable 
to Comman ...)
        NOT-FOR-US: cocoapods-downloader
 CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular 
Expression ...)
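Review bot: The new buster status "<not-affected> (Vulnerable code introduced later)" rests on the "Introduced by:" note, but that note is added below the Snyk link instead of next to "Fixed by:", so the affected range (v5.0.0 up to the v5.0.3 fix) has to be pieced together from two separated lines. Consider moving "NOTE: Introduced by: ... (v5.0.0)" directly after the "Fixed by:" note. The hunk also does not show which node-sqlite3 version buster ships, so the claim that it predates v5.0.0 cannot be checked from the entry itself; adding the buster version to the parenthetical would make the triage decision self-contained.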
@@ -104866,6 +104867,8 @@ CVE-2021-33623 (The trim-newlines package before 
3.0.1 and 4.x before 4.0.1 for
        [buster] - node-trim-newlines <no-dsa> (Minor issue)
        [stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not 
covered by security support)
        NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v
+       NOTE: 
https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91
 (v4.0.1)
+       NOTE: 
https://github.com/sindresorhus/trim-newlines/commit/b10d5f4afef832b16bc56d49fc52c68cbd403869
 (v3.0.1)
 CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 
3.5-8, h ...)
        [experimental] - singularity-container 3.9.4+ds2-1
        - singularity-container 3.9.5+ds1-2 (bug #990201)
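Review bot: The two added NOTE lines for CVE-2021-33623 carry bare commit URLs with only a version tag, while the CVE-2022-21227 entry edited in the same commit labels its commit with "NOTE: Fixed by:". Without the label a reader cannot tell whether these commits fix or introduce the issue. Suggest "NOTE: Fixed by: <url> (v4.0.1)" and the same for the v3.0.1 line, which also matches the commit subject "reference patches".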


=====================================
data/dla-needed.txt
=====================================
@@ -164,12 +164,68 @@ netatalk
   NOTE: 20220816: Programming language: C.
   NOTE: 20220912: We get errors in the log, not present on bookworm. Needs 
more investigation. (stefanor)
 --
+node-cached-path-relative
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
 node-css-what
   NOTE: 20221031: Programming language: Javascript.
 --
+node-eventsource
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
+--
+node-fetch
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
+node-follow-redirects
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
+node-got
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
+--
+node-json-schema
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.2 (Beuc/front-desk)
+--
+node-loader-utils
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: upcoming bullseye PU 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023798 (Beuc/front-desk)
+--
+node-log4js
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.5 (Beuc/front-desk)
+--
+node-moment
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
+--
+node-nth-check
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
+node-object-path
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
+--
+node-set-value
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
+--
 node-tar
   NOTE: 20220907: Programming language: JavaScript.
 --
+node-trim-newlines
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
+--
+node-url-parse
+  NOTE: 20221111: Programming language: JavaScript.
+  NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues 
(Beuc/front-desk)
+--
 nodejs
   NOTE: 20221105: Programming language: Javascript, C/C++, Python
   NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git
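Review bot: None of the added dla-needed.txt entries name the CVEs to be backported. Each one says only "Follow fixes from bullseye 11.x", and the node-url-parse entry adds "check postponed issues" without saying which ones, so whoever claims a package has to re-derive the list from the point releases. Listing the CVE ids, or at least the postponed ones for node-url-parse, would make the entries actionable. Separately, the new entries spell "JavaScript" while the surrounding node-css-what and nodejs entries use "Javascript"; that can be left for a follow-up, but the file is now inconsistent.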



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ed88d9e44bbe54b8b4497a912af00a1d1acab7c6...fea4d7f9f38f203364dfb0401cef272a94a55a86



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
