Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
039aa5e5 by Moritz Muehlenhoff at 2021-09-23T14:21:01+02:00
nodejs n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -44759,9 +44759,8 @@ CVE-2021-22933 (A vulnerability in Pulse Connect Secure
before 9.1R12 could allo
CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool
for Citr ...)
NOT-FOR-US: Citrix
CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to
Remote Co ...)
- - nodejs <undetermined>
+ - nodejs <not-affected> (Debian builds nodejs against src:c-ares)
NOTE:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
- TODO: check, nodejs uses system c-ares which fixed CVE-2021-3672 and so
this entry might be not-affected
CVE-2021-22930 [Use after free on close http2 on stream canceling]
RESERVED
- nodejs 12.22.4~dfsg-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039aa5e57bcddcb4e0441791a42ce32ab7c73232
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/039aa5e57bcddcb4e0441791a42ce32ab7c73232
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
