Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
661627bb by Salvatore Bonaccorso at 2023-06-12T21:00:40+02:00
Update information for CVE-2023-34104/node-webfont
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -514,9 +514,10 @@ CVE-2023-34409 (In Percona Monitoring and Management (PMM)
server 2.x before 2.3
CVE-2023-34111 (The `Release PR Merged` workflow in the github repo
taosdata/grafanapl ...)
NOT-FOR-US: taosdata/grafanaplugin
CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser.
fast-xm ...)
- - node-webfont <unfixed>
+ - node-webfont <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
- NOTE:
https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c
(v4.2.3)
+ NOTE: Introduced by:
https://github.com/NaturalIntelligence/fast-xml-parser/commit/a4bdced80369892ee413bf08e28b78795a2b0d5b
(v4.1.3)
+ NOTE: Fixed by:
https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c
(v4.2.3)
CVE-2023-33977 (Kiwi TCMS is an open source test management system for both
manual and ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and
container ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/661627bb76eaca4f5caf787b5aef24aa6cbe67a2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/661627bb76eaca4f5caf787b5aef24aa6cbe67a2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
