Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc7a7b4d by Sylvain Beucler at 2022-10-03T12:53:56+02:00
CVE-2022-35256/nodejs: reference patches, buster not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17739,8 +17739,11 @@ CVE-2022-35257 (A local privilege escalation
vulnerability in UI Desktop for Win
CVE-2022-35256 [HTTP Request Smuggling Due to Incorrect Parsing of Header
Fields]
RESERVED
- nodejs 18.10.0+dfsg-1
+ [buster] - nodejs <not-affected> (llhttp dependency/embedding
introduced in 12.x)
- llhttp <itp> (bug #977716)
NOTE:
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256
+ NOTE:
https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44
(main)
+ NOTE:
https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0
(v14.20.1)
CVE-2022-35255 [Weak randomness in WebCrypto keygen]
RESERVED
- nodejs 18.10.0+dfsg-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc7a7b4d099479af64d325cf3bbd4b811c757c87
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc7a7b4d099479af64d325cf3bbd4b811c757c87
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
