Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d845a1b by Sylvain Beucler at 2023-10-05T18:39:55+02:00
CVE-2023-43646/node-get-func-name, CVE-2023-44270/node-postcss: buster postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -744,6 +744,7 @@ CVE-2023-44270 (An issue was discovered in PostCSS before
8.4.31. It affects lin
- node-postcss <unfixed> (bug #1053282)
[bookworm] - node-postcss <no-dsa> (Minor issue)
[bullseye] - node-postcss <no-dsa> (Minor issue)
+ [buster] - node-postcss <postponed> (Minor issue)
NOTE:
https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5
(8.4.31)
CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting
(XSS) v ...)
NOT-FOR-US: Os Commerce
@@ -1670,6 +1671,7 @@ CVE-2023-43646 (get-func-name is a module to retrieve a
function's name securely
- node-get-func-name <unfixed> (bug #1053262)
[bookworm] - node-get-func-name <no-dsa> (Minor issue)
[bullseye] - node-get-func-name <no-dsa> (Minor issue)
+ [buster] - node-get-func-name <postponed> (Minor issue, ReDoS)
NOTE:
https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5
NOTE:
https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69
(v2.0.1)
CVE-2023-43614 (Cross-site scripting vulnerability in Order Data Edit page of
Welcart ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d845a1b42b90d6f3d9bbe3b775ec47484fc5a5d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d845a1b42b90d6f3d9bbe3b775ec47484fc5a5d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
