Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3d5bfa78 by Salvatore Bonaccorso at 2026-01-15T21:06:19+01:00
Update status for CVE-2025-59464
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -755,7 +755,7 @@ CVE-2026-21636 [Node.js permission model bypass via
unchecked Unix Domain Socket
- nodejs <not-affected> (Only affects Node.js v25)
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-permission-model-bypass-via-unchecked-unix-domain-socket-connections-uds-cve-2026-21636---medium
CVE-2025-59464 [Memory leak that enables remote Denial of Service against
applications processing TLS client certificates]
- - nodejs <unfixed>
+ - nodejs <not-affected> (Only affects Node.js v24 releases and fixed in
v24.12.0)
NOTE:
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#memory-leak-that-enables-remote-denial-of-service-against-applications-processing-tls-client-certificates-cve-2025-59464---medium
CVE-2025-59466 [Uncatchable "Maximum call stack size exceeded" error on
Node.js via async_hooks leads to process crashes bypassing error handlers]
- nodejs 22.22.0+dfsg+~cs22.19.6-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d5bfa782af22ef812b1bb8593a80c447de7d436
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d5bfa782af22ef812b1bb8593a80c447de7d436
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
