Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a46f4c1 by Salvatore Bonaccorso at 2025-09-09T21:05:42+02:00
Update versions referenced for node-sanitize-html commits
Back then the code apparently did not tag the version but the followup
fix was in a 1.0.3 released version, and the first attempt in 1.0.2.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -224,8 +224,8 @@ CVE-2019-25225 (`sanitize-html` prior to version 2.0.0-beta
is vulnerable to Cro
CVE-2014-125128 ('sanitize-html' prior to version 1.0.3 is vulnerable to
Cross-site Scr ...)
- node-sanitize-html <not-affected> (Fixed before initial upload to the
archive)
NOTE: https://github.com/apostrophecms/sanitize-html/issues/1
- NOTE:
https://github.com/apostrophecms/sanitize-html/commit/889d4ec968e175f1905b2eb9d33f1fa89217cb02
(1.10.1)
- NOTE:
https://github.com/apostrophecms/sanitize-html/commit/423b90e06e1e85245eccedaabeb3a82840c6cd86
(1.10.1)
+ NOTE:
https://github.com/apostrophecms/sanitize-html/commit/889d4ec968e175f1905b2eb9d33f1fa89217cb02
(1.0.2)
+ NOTE:
https://github.com/apostrophecms/sanitize-html/commit/423b90e06e1e85245eccedaabeb3a82840c6cd86
(1.0.3)
CVE-2025-40930 (JSON::SIMD before version 1.07 and earlier for Perl has an
integer buf ...)
NOT-FOR-US: JSON::SIMD Perl module
CVE-2025-40929 (Cpanel::JSON::XS before version 4.40 for Perl has an integer
buffer ov ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a46f4c156d8fdb30448a4ef16bb9631c86fecd1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a46f4c156d8fdb30448a4ef16bb9631c86fecd1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
