Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: 86672ee3 by Guilhem Moulin at 2023-01-29T17:05:53+01:00 Reserve DLA-3291-1 for node-object-path - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -104131,7 +104131,6 @@ CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extra CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) - node-object-path 0.11.8-1 [bullseye] - node-object-path 0.11.5-3+deb11u1 - [buster] - node-object-path <no-dsa> (Minor issue) [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 NOTE: https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884 (v0.11.8) @@ -149287,7 +149286,6 @@ CVE-2021-23435 (This affects the package clearance before 2.5.0. The vulnerabili CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...) - node-object-path 0.11.7-1 [bullseye] - node-object-path 0.11.5-3+deb11u1 - [buster] - node-object-path <no-dsa> (Minor issue) [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[29 Jan 2023] DLA-3291-1 node-object-path - security update + {CVE-2021-3805 CVE-2021-23434} + [buster] - node-object-path 0.11.4-2+deb10u2 [29 Jan 2023] DLA-3290-1 libzen - security update {CVE-2020-36646} [buster] - libzen 0.4.37-1+deb10u1 ===================================== data/dla-needed.txt ===================================== @@ -177,11 +177,6 @@ node-nth-check NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk) NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby). -- -node-object-path (guilhem) - NOTE: 20221111: Programming language: JavaScript. - NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk) - NOTE: 20221223: Functional part of CVE-2021-3805 might be https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby) --- node-qs NOTE: 20230105: Programming language: JavaScript. NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86672ee355229f340c3fa92a00d7ba7903893d1d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86672ee355229f340c3fa92a00d7ba7903893d1d You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits