node-express: bullseye postponed

Sylvain Beucler (@beuc) Wed, 20 Nov 2024 13:09:19 -0800


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
4363867d by Sylvain Beucler at 2024-11-20T22:08:44+01:00
CVE-2024-10491/node-express: bullseye postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7051,6 +7051,7 @@ CVE-2024-22066 (There is a privilege escalation 
vulnerability in ZTE ZXR10 ZSR V
 CVE-2024-10491 (A vulnerability has been identified in the Express 
response.linksfunct ...)
        - node-express <unfixed>
        [bookworm] - node-express <no-dsa> (Minor issue)
+       [bullseye] - node-express <postponed> (Minor issue, no public patch)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-10491
        NOTE: check details, affects only <=3.21.4, so possibly fixed in 
4.1.1~dfsg-1 onwards
 CVE-2024-10474 (Focus was incorrectly allowing internal links to utilize the 
app schem ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4363867da25d3af800f122ed79567ca8ef4932f1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4363867da25d3af800f122ed79567ca8ef4932f1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2024-10491/node-express: bullseye postponed

Reply via email to