Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4abda771 by Utkarsh Gupta at 2023-01-31T02:54:50+05:30
Reserve DLA-3295-1 for node-moment
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -58694,7 +58694,6 @@ CVE-2022-31130 (Grafana is an open source observability
and data visualization p
CVE-2022-31129 (moment is a JavaScript date library for parsing, validating,
manipulat ...)
- node-moment 2.29.4+ds-1 (bug #1014845)
[bullseye] - node-moment 2.29.1+ds-2+deb11u2
- [buster] - node-moment <no-dsa> (Minor issue)
NOTE:
https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3
(2.29.4)
NOTE: https://github.com/moment/moment/pull/6015#issuecomment-1152961973
NOTE:
https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
@@ -77426,7 +77425,6 @@ CVE-2022-24786 (PJSIP is a free and open source
multimedia communication library
CVE-2022-24785 (Moment.js is a JavaScript date library for parsing,
validating, manipu ...)
- node-moment 2.29.2+ds-1 (bug #1009327)
[bullseye] - node-moment 2.29.1+ds-2+deb11u1
- [buster] - node-moment <no-dsa> (Minor issue)
[stretch] - node-moment <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE:
https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
NOTE:
https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
(2.29.2)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3295-1 node-moment - security update
+ {CVE-2022-24785 CVE-2022-31129}
+ [buster] - node-moment 2.24.0+ds-1+deb10u1
[30 Jan 2023] DLA-3294-1 libarchive - security update
{CVE-2022-36227}
[buster] - libarchive 3.3.3-4+deb10u3
=====================================
data/dla-needed.txt
=====================================
@@ -173,10 +173,6 @@ node-got
NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
NOTE: 20221223: Module has been rewritten in Typescript since Buster
released (lamby).
--
-node-moment
- NOTE: 20221111: Programming language: JavaScript.
- NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
---
node-nth-check
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4abda771f80df8767b1c7d160aee8cbb78f169fa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4abda771f80df8767b1c7d160aee8cbb78f169fa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
