Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 64868c97 by Salvatore Bonaccorso at 2021-03-13T11:17:25+01:00 Track fixed version for two node-lodash issues fixed in unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -11545,7 +11545,7 @@ CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2 CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...) NOT-FOR-US: qlib CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...) - - node-lodash <unfixed> (bug #985086) + - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086) [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...) @@ -27120,7 +27120,7 @@ CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versio CVE-2020-28501 RESERVED CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...) - - node-lodash <unfixed> (bug #985086) + - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086) [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905 CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64868c97fb126b1efb50a48c890abcf2b4384f6e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64868c97fb126b1efb50a48c890abcf2b4384f6e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits