[Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed.txt: Add note for node-object-path.

Thu, 22 Dec 2022 23:09:20 -0800 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fb07af8 by Chris Lamb at 2022-12-23T07:04:32+00:00
dla-needed.txt: Add note for node-object-path.

- - - - -
6f5cf157 by Chris Lamb at 2022-12-23T07:08:18+00:00
Triage CVE-2021-23440/node-set-value for Buster LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -141010,7 +141010,7 @@ CVE-2021-23441
 CVE-2021-23440 (This affects the package set-value before <2.0.1, 
>=3.0.0 <4. ...)
        - node-set-value 3.0.1-3 (bug #994448)
        [bullseye] - node-set-value 3.0.1-2+deb11u1
-       [buster] - node-set-value <no-dsa> (Minor issue)
+       [buster] - node-set-value <not-affected> (Vulnerable code does not 
exist)
        [stretch] - node-set-value <end-of-life> (Nodejs in stretch not covered 
by security support)
        NOTE: 
https://github.com/jonschlinkert/set-value/commit/383b72d47c74a55ae8b6e231da548f9280a4296a
 (v4.0.1)
        NOTE: https://github.com/jonschlinkert/set-value/pull/33


=====================================
data/dla-needed.txt
=====================================
@@ -180,10 +180,7 @@ node-nth-check
 node-object-path
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
---
-node-set-value
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
+  NOTE: 20221223: Functional part of CVE-2021-3805 might be 
https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby)
 --
 node-trim-newlines
   NOTE: 20221111: Programming language: JavaScript.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f1d83701ab52f52593b1bd5ce1c775f68abb9655...6f5cf15718f6c77cff3a4cd1f422f94e651d1365

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f1d83701ab52f52593b1bd5ce1c775f68abb9655...6f5cf15718f6c77cff3a4cd1f422f94e651d1365
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to