Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
253fe484 by Salvatore Bonaccorso at 2026-01-22T21:51:33+01:00
Add CVE-2026-24001/node-diff
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,7 +85,13 @@ CVE-2026-24006 (Seroval facilitates JS value
stringification, including complex
CVE-2026-24002 (Grist is spreadsheet software using Python as its formula
language. Gr ...)
NOT-FOR-US: Grist
CVE-2026-24001 (jsdiff is a JavaScript text differencing implementation. Prior
to vers ...)
- TODO: check
+ - node-diff <unfixed>
+ NOTE:
https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx
+ NOTE: https://github.com/kpdecker/jsdiff/issues/653
+ NOTE: https://github.com/kpdecker/jsdiff/pull/649
+ NOTE: Fixed by:
https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5
(v8.0.3)
+ NOTE: Fixed by:
https://github.com/kpdecker/jsdiff/commit/78017899c4c80d51db805b6e013079cadc6ed0ae
(v5.2.1)
+ NOTE: Fixed by:
https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683
(v4.0.3)
CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that
provides an A ...)
TODO: check
CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF).
Starting ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253fe48438ad78654b6b0d768610efb67112e0d8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253fe48438ad78654b6b0d768610efb67112e0d8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
