[Git][security-tracker-team/security-tracker][master] Reserve DLA-3271-1 for node-minimatch

Sun, 15 Jan 2023 07:21:05 -0800 


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f8b040c by Guilhem Moulin at 2023-01-15T16:20:33+01:00
Reserve DLA-3271-1 for node-minimatch

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23083,7 +23083,6 @@ CVE-2022-42920 (Apache Commons BCEL has a number of 
APIs that would normally onl
 CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw 
allows a ...)
        - node-minimatch 3.0.5+~3.0.5-1
        [bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
-       [buster] - node-minimatch <no-dsa> (Minor issue)
        NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
        NOTE: 
https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6
 (v3.0.5)
        NOTE: Regression follow-up: 
https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Jan 2023] DLA-3271-1 node-minimatch - security update
+       {CVE-2022-3517}
+       [buster] - node-minimatch 3.0.4-3+deb10u1
 [15 Jan 2023] DLA-3270-1 net-snmp - security update
        {CVE-2022-44792 CVE-2022-44793}
        [buster] - net-snmp 5.7.3+dfsg-5+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -180,10 +180,6 @@ node-got
   NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster 
released (lamby).
 --
-node-minimatch (guilhem)
-  NOTE: 20230105: Programming language: JavaScript.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
---
 node-moment (Utkarsh)
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f8b040c54c03454f6df15f9c3d726336bb43ad9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f8b040c54c03454f6df15f9c3d726336bb43ad9
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to