Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73c38598 by Chris Lamb at 2022-04-29T13:20:15-07:00
Triage CVE-2017-1000188, CVE-2017-1000189 & CVE-2017-1000228 in node-ejs 
for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -289070,6 +289070,7 @@ CVE-2017-1000229 (Integer overflow bug in function 
minitiff_read_info() of optip
        NOTE: Proposed patch: 
https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
 CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote 
code exec ...)
        - node-ejs 2.5.7-1
+       [stretch] - node-ejs <end-of-life> (Node not covered by security 
support)
        NOTE: https://security.snyk.io/vuln/npm:ejs:20161128
        NOTE: 
https://github.com/mde/ejs/commit/3d447c5a335844b25faec04b1132dbc721f9c8f6 
(v2.5.3)
 CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the 
REST API ...)
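
Review bot: The `[stretch]` line added under CVE-2017-1000228 records the support status but not whether stretch is actually affected. The entry describes remote code execution fixed upstream in v2.5.3 and tracks the fixed package as 2.5.7-1, yet nothing visible here says which node-ejs version stretch carries. Consider adding a NOTE stating whether the stretch version predates 2.5.3, so that anyone still running the package can judge exposure from the tracker entry alone.
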
@@ -289106,9 +289107,11 @@ CVE-2017-1000193 (October CMS build 412 is 
vulnerable to stored WCI (a.k.a XSS)
        NOT-FOR-US: October CMS
 CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a 
denial-of-servi ...)
        - node-ejs 2.5.7-1
+       [stretch] - node-ejs <end-of-life> (Node not covered by security 
support)
        NOTE: 
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f 
(v2.5.4)
 CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a 
Cross-site-scri ...)
        - node-ejs 2.5.7-1
+       [stretch] - node-ejs <end-of-life> (Node not covered by security 
support)
        NOTE: 
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f 
(v2.5.4)
 CVE-2017-1000187 (In SWFTools, an address access exception was found in 
pdf2swf. FoFiTru ...)
        - swftools <removed> (unimportant)
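
Review bot: The `[stretch]` lines added for CVE-2017-1000189 and CVE-2017-1000188 land in entries that are internally inconsistent about the fixed release: both descriptions say "older than 2.5.5", while both NOTE lines point at commit 49264e0037e313a0a3e033450b5c184112516d8f labelled (v2.5.4). Since this commit triages both entries, a short NOTE saying which upstream release first contains the fix would remove the ambiguity for readers comparing their installed version against the entry.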



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73c38598e0ea4d9e8f645a24a808ec712ab04474
