[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-25844/angular.js: stretch ignored

Sat, 28 May 2022 08:00:25 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4476dd6f by Sylvain Beucler at 2022-05-28T16:59:23+02:00
CVE-2022-25844/angular.js: stretch ignored

- - - - -
4b59151d by Sylvain Beucler at 2022-05-28T16:59:23+02:00
dla: add grunt

- - - - -
65b76220 by Sylvain Beucler at 2022-05-28T16:59:24+02:00
CVE-2022-24758/jupyter-notebook: reference patch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16620,6 +16620,7 @@ CVE-2022-25845
        RESERVED
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular 
Expression D ...)
        - angular.js <unfixed>
+       [stretch] - angular.js <ignored> (Nodejs in stretch not covered by 
security support)
        NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
 CVE-2022-25843
        RESERVED
@@ -19984,6 +19985,7 @@ CVE-2022-24759 (`@chainsafe/libp2p-noise` contains 
TypeScript implementation of
 CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for 
interacti ...)
        - jupyter-notebook <unfixed>
        NOTE: 
https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
+       NOTE: 
https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e
 (6.4.10)
 CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core 
services, APIs, ...)
        - jupyter-server 1.16.0-1 (bug #1008319)
        NOTE: 
https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a
 (v1.15.4)


=====================================
data/dla-needed.txt
=====================================
@@ -82,6 +82,9 @@ golang-github-hashicorp-go-getter
 golang-go.crypto
   NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> 
DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc/front-desk)
 --
+grunt
+  NOTE: 20220528: upcoming stable update (cf. #1010211) + 1 new CVE 
(Beuc/front-desk)
+--
 halibut (Anton)
   NOTE: 20220528: Programming language C.
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62cefbc3566f43f4791a3775d7ac0a7cd69e0399...65b762206479ef7c0da22fe6379a9d7263adbf30

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62cefbc3566f43f4791a3775d7ac0a7cd69e0399...65b762206479ef7c0da22fe6379a9d7263adbf30
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to