[Git][security-tracker-team/security-tracker][master] Reserve DLA-3137-1 for nodejs

Wed, 05 Oct 2022 06:46:41 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f5f9af6 by Sylvain Beucler at 2022-10-05T15:46:06+02:00
Reserve DLA-3137-1 for nodejs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -121503,7 +121503,6 @@ CVE-2021-22941 (Improper Access Control in Citrix 
ShareFile storage zones contro
 CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a 
use aft ...)
        - nodejs 12.22.5~dfsg-1
        [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 
not applied)
-       [buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not 
applied)
        [stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 
not applied)
        NOTE: https://github.com/nodejs/node/pull/39423
        NOTE: 
https://github.com/nodejs/node/commit/2008c9722fcf7591e39013691f303934b622df7b 
(v12.22.5)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Oct 2022] DLA-3137-1 nodejs - security update
+       {CVE-2021-22930 CVE-2021-22939 CVE-2021-22940 CVE-2022-21824 
CVE-2022-32212}
+       [buster] - nodejs 10.24.0~dfsg-1~deb10u2
 [04 Oct 2022] DLA-3136-1 barbican - security update
        {CVE-2022-3100}
        [buster] - barbican 1:7.0.0-1+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -106,12 +106,6 @@ netatalk
 node-tar
   NOTE: 20220907: Programming language: JavaScript.
 --
-nodejs (Sylvain Beucler)
-  NOTE: 20220801: Programming language: JavaScript, C/C++, Python.
-  NOTE: 20220801: one of the upstream fixes doesn't address the security issue 
(jmm)
-  NOTE: 20220912: backporting patches and determining testing procedures (Beuc)
-  NOTE: 20220926: resuming work after 1 week of FD + other side tasks (Beuc)
---
 openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5f9af6437aa0c0842b5e3c801a2cab1adaff1c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f5f9af6437aa0c0842b5e3c801a2cab1adaff1c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to