Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f1723fd by Salvatore Bonaccorso at 2026-06-19T06:01:11+02:00
Track two more CVEs as fixed in unstable upload for nodejs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2026-48618
- nodejs 24.17.0+dfsg+~cs24.13.2-1
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-unicode-dot-separator-handling-can-lead-to-tls-wildcard-depth-authentication-bypass-due-to-resolver-and-verifier-hostname-normalization-mismat-cve-2026-48618---high
CVE-2026-48933
- - nodejs <unfixed>
+ - nodejs 24.17.0+dfsg+~cs24.13.2-1
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-webcrypto-aes-integer-overflow-leads-to-remote-process-abort-dos-cve-2026-48933---high
CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3 does not properly
validat ...)
NOT-FOR-US: WordPress plugin
@@ -116,7 +116,7 @@ CVE-2026-48985 (pam_usb provides hardware authentication
for Linux using ordinar
CVE-2026-48984 (pam_usb provides hardware authentication for Linux using
ordinary remo ...)
NOT-FOR-US: pam_usb
CVE-2026-48937 (A flaw in Node.js HTTP/2 server API can cause servers to keep
acceptin ...)
- - nodejs <unfixed>
+ - nodejs 24.17.0+dfsg+~cs24.13.2-1
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http2-sessions-never-clean-up-after-goaway-on-invalid-protocol-errors-cve-2026-48937---medium
CVE-2026-48617 (A flaw in Node.js Permission Model enforcement allows Bypass
via `proc ...)
- nodejs 24.17.0+dfsg+~cs24.13.2-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1723fd06c91da18890a710f19b094d0515253c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1723fd06c91da18890a710f19b094d0515253c
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits