Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd2b1396 by Salvatore Bonaccorso at 2026-06-19T05:58:25+02:00
Track fixed version for nodejs issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
 CVE-2026-48931
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http-response-queue-poisoning-via-toctou-race-condition-in-httpagent-cve-2026-48931---low
 CVE-2026-48936
        - nodejs <not-affected> (Only affects Node.js v26)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#unix-domain-socket-server-bypasses---permission-network-restrictions-incomplete-cve-2026-21636-fix-cve-2026-48936---low
 CVE-2026-48935
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#permission-model-bypass-via-filehandleutimes-in-the-promises-api-cve-2026-48935---low
 CVE-2026-48934
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#tls-host-identity-verification-bypass-via-session-reuse-with-different-servername-leads-to-unauthorized-connections-cve-2026-48934---medium
 CVE-2026-48930
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#embedded-nul-hostnames-can-lead-to-silent-authority-rebinding-due-to-c-string-truncation-in-resolver-bindings-cve-2026-48930---medium
 CVE-2026-48928
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#uppercase-sni-context-matching-can-lead-to-mtls-authorization-bypass-due-to-case-sensitive-hostname-matching-cve-2026-48928---medium
 CVE-2026-48619
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#unbounded-memory-growth-in-nodehttp2-clients-via-attacker-controlled-origin-frames-cve-2026-48619---medium
 CVE-2026-48615
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#proxy-credentials-leaked-in-err_proxy_tunnel-error-message-cve-2026-48615---medium
 CVE-2026-48618
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-unicode-dot-separator-handling-can-lead-to-tls-wildcard-depth-authentication-bypass-due-to-resolver-and-verifier-hostname-normalization-mismat-cve-2026-48618---high
 CVE-2026-48933
        - nodejs <unfixed>
@@ -119,7 +119,7 @@ CVE-2026-48937 (A flaw in Node.js HTTP/2 server API can 
cause servers to keep ac
        - nodejs <unfixed>
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http2-sessions-never-clean-up-after-goaway-on-invalid-protocol-errors-cve-2026-48937---medium
 CVE-2026-48617 (A flaw in Node.js Permission Model enforcement allows Bypass 
via `proc ...)
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#permission-model-bypass-via-processreportwritereport-path-misvalidation-cve-2026-48617---low
 CVE-2026-47833 (setupBpmLogs follows symlink for bpm.log open and chown \u2014 
contain ...)
        NOT-FOR-US: setupBpmLogs



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2b1396a24e963cb763879db66ad968ac1c9100

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd2b1396a24e963cb763879db66ad968ac1c9100
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to