Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e2f87754 by Salvatore Bonaccorso at 2021-06-12T10:03:53+02:00
CVE-2021-23334 confirmed to be rejected (withdrawn by its CNA)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26861,11 +26861,8 @@ CVE-2021-23336 (The package python/cpython from 0 and
before 3.6.13, from 3.7.0
NOTE:
https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP
Injection ...)
NOT-FOR-US: Node is-user-valid
-CVE-2021-23334 (All versions of package static-eval are vulnerable to
Arbitrary Code E ...)
- - node-static-eval <unfixed> (unimportant)
- NOTE: https://snyk.io/vuln/SNYK-JS-STATICEVAL-1056765
- NOTE: https://github.com/browserify/static-eval/issues/34
- NOTE: Explicitly documented as such by upstream:
https://github.com/browserify/static-eval#security
+CVE-2021-23334
+ REJECTED
CVE-2021-23333
RESERVED
CVE-2021-23332
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2f87754f794e8f94abd4b68b73db5e57c70a9f3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2f87754f794e8f94abd4b68b73db5e57c70a9f3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
