[Git][security-tracker-team/security-tracker][master] new jpeg-xl, node-got issues

Mon, 20 Jun 2022 03:55:54 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c60d9310 by Moritz Muehlenhoff at 2022-06-20T12:55:05+02:00
new jpeg-xl, node-got issues
ruby-octokit n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,7 +294,8 @@ CVE-2022-34002
 CVE-2022-34001
        RESERVED
 CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in 
LowMemoryRenderPipeline::Init ...)
-       TODO: check
+       - jpeg-xl <unfixed>
+       NOTE: https://github.com/libjxl/libjxl/issues/1477
 CVE-2022-33948
        RESERVED
 CVE-2022-33999
@@ -342,7 +343,10 @@ CVE-2022-33989
 CVE-2022-33988
        RESERVED
 CVE-2022-33987 (The got package before 12.1.0 for Node.js allows a redirect to 
a UNIX  ...)
-       TODO: check
+       - node-got <unfixed>
+       [bullseye] - node-got <no-dsa> (Minor issue)
+       [buster] - node-got <no-dsa> (Minor issue)
+       NOTE: https://github.com/sindresorhus/got/pull/2047
 CVE-2022-33986
        RESERVED
 CVE-2022-33985
@@ -7694,7 +7698,8 @@ CVE-2022-31074
 CVE-2022-31073
        RESERVED
 CVE-2022-31072 (Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 
and 4.24 ...)
-       TODO: check
+       - ruby-octokit <not-affected> (No vulnerable version was uploaded to 
the archive)
+       NOTE: 
https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6
 CVE-2022-31071 (Octopoller is a micro gem for polling and retrying. Version 
0.2.0 of t ...)
        NOT-FOR-US: Octopoller
 CVE-2022-31070 (NestJS Proxy is a NestJS module to decorate and proxy calls. 
Prior to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c60d93100a230e09116a82d3e7517878fe3971bc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c60d93100a230e09116a82d3e7517878fe3971bc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to