Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0741bcd8 by Salvatore Bonaccorso at 2024-11-02T09:00:11+01:00
Track proposed fixes for node-dompurify via bookworm-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -545,6 +545,7 @@ CVE-2024-49674 (Cross-Site Request Forgery (CSRF)
vulnerability in Lukas Huser E
NOT-FOR-US: WordPress plugin
CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS
sanitizer for H ...)
- node-dompurify 3.0.9+dfsg+~3.0.5-1
+ [bookworm] - node-dompurify <no-dsa> (Minor issue; will be fixed via
point release)
NOTE:
https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
NOTE:
https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
(2.4.2)
CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request
Forgery ...)
=====================================
data/next-point-update.txt
=====================================
@@ -134,3 +134,7 @@ CVE-2024-8096
[bookworm] - curl 7.88.1-10+deb12u8
CVE-2024-7409
[bookworm] - qemu 1:7.2+dfsg-7+deb12u8
+CVE-2024-45801
+ [bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
+CVE-2024-48910
+ [bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0741bcd8e249617a586ee5f38e78dbf775559e42
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0741bcd8e249617a586ee5f38e78dbf775559e42
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
