[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3026{0,1}/node-undici

Thu, 04 Apr 2024 13:41:01 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d59b610b by Salvatore Bonaccorso at 2024-04-04T22:40:24+02:00
Add CVE-2024-3026{0,1}/node-undici

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24,9 +24,16 @@ CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 
19.0.0 release of Was
 CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla 
pdf.js.  ...)
        NOT-FOR-US: PDF Viewer Macro for XWiki
 CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. An att ...)
-       TODO: check
+       - node-undici <unfixed>
+       NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
+       NOTE: 
https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055
 (v5.28.4)
+       NOTE: 
https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3
 (v6.11.1)
+       NOTE: https://hackerone.com/reports/2377760
 CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Undici ...)
-       TODO: check
+       - node-undici <unfixed>
+       NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
+       NOTE: 
https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f
 (v5.28.4)
+       NOTE: 
https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75
 (v6.11.1)
 CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for 
meson writte ...)
        TODO: check
 CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed 
bookmark folde ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59b610bda05567b7328dc0d71b5ac12bd8b196f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59b610bda05567b7328dc0d71b5ac12bd8b196f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to