Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e0ed6320 by Salvatore Bonaccorso at 2022-04-29T21:01:55+02:00
Update CVE-2017-1000228/node-ejs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -288981,7 +288981,9 @@ CVE-2017-1000229 (Integer overflow bug in function
minitiff_read_info() of optip
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch:
https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote
code exec ...)
- NOT-FOR-US: nodejs ejs
+ - node-ejs 2.5.7-1
+ NOTE: https://security.snyk.io/vuln/npm:ejs:20161128
+ NOTE:
https://github.com/mde/ejs/commit/3d447c5a335844b25faec04b1132dbc721f9c8f6
(v2.5.3)
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the
REST API ...)
NOT-FOR-US: WordPress plugin
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when
using relevans ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ed6320d793b1c54fd2a3303ae579bc97d40ae6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ed6320d793b1c54fd2a3303ae579bc97d40ae6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
