Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d7df0e75 by Salvatore Bonaccorso at 2022-05-01T21:14:48+02:00
Mark CVE-2022-21227/node-sqlite3 as no-dsa
- - - - -
03c0a238 by Salvatore Bonaccorso at 2022-05-01T21:15:17+02:00
Track proposed update for node-sqlite3 via bullseye-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -11367,6 +11367,8 @@ CVE-2022-21230
CVE-2022-21227 [Denial-of-Service due to fatal error when binding invalid
parameters]
RESERVED
- node-sqlite3 5.0.6+ds1-1
+ [bullseye] - node-sqlite3 <no-dsa> (Minor issue)
+ [buster] - node-sqlite3 <no-dsa> (minor issue)
[stretch] - node-sqlite3 <end-of-life> (Nodejs in stretch not covered
by security support)
NOTE: https://github.com/advisories/GHSA-9qrh-qjmc-5w2p
NOTE: Fixed by:
https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a
(v5.0.3)
=====================================
data/next-point-update.txt
=====================================
@@ -56,3 +56,5 @@ CVE-2022-27404
[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
CVE-2022-29078
[bullseye] - node-ejs 2.5.7-3+deb11u1
+CVE-2022-21227
+ [bullseye] - node-sqlite3 5.0.0+ds1-1+deb11u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d1cf75d0115c1a9925e94161897d0fc4fcc8c5df...03c0a2384a8e95aa2904d77ff8888e737642285d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d1cf75d0115c1a9925e94161897d0fc4fcc8c5df...03c0a2384a8e95aa2904d77ff8888e737642285d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
