[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust tracking for CVE-2022-37601: Associate with node-loader-utils

Thu, 10 Nov 2022 03:33:06 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
32b1ce60 by Salvatore Bonaccorso at 2022-11-10T12:32:11+01:00
Adjust tracking for CVE-2022-37601: Associate with node-loader-utils

- - - - -
1e284f74 by Salvatore Bonaccorso at 2022-11-10T12:32:12+01:00
Track two more CVEs for node-loader-utils

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22160,15 +22160,19 @@ CVE-2022-37605
 CVE-2022-37604
        RESERVED
 CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found 
in Funct ...)
-       NOT-FOR-US: loader-utils
+       - node-loader-utils <unfixed>
+       NOTE: https://github.com/webpack/loader-utils/issues/213
 CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 
4.0.1 vi ...)
        NOT-FOR-US: karma-runner grunt-karma
 CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in 
parseQuery ...)
-       NOT-FOR-US: loader-utils
+       - node-loader-utils 2.0.3-1
+       NOTE: https://github.com/webpack/loader-utils/issues/212
+       NOTE: 
https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c
 (v2.0.3)
 CVE-2022-37600
        RESERVED
 CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found 
in Funct ...)
-       NOT-FOR-US: loader-utils
+       - node-loader-utils <unfixed>
+       NOTE: https://github.com/webpack/loader-utils/issues/211
 CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in 
ast.js in mis ...)
        - uglify-js <unfixed> (unimportant)
        - uglifyjs <removed> (unimportant)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/023a0626fb934a8b7a2093939b6bd07503469167...1e284f7425b9ac6ec8e88447c2ad33042866931a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/023a0626fb934a8b7a2093939b6bd07503469167...1e284f7425b9ac6ec8e88447c2ad33042866931a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to