Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b5ecaec by Bastien Roucariès at 2025-02-23T22:10:13+00:00
Take nodejs

- - - - -
6456b63c by Bastien Roucariès at 2025-02-23T22:56:59+00:00
CVE-2025-23083/bullseye

Vulnerable code is not present

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8443,8 +8443,11 @@ CVE-2025-23084 (A vulnerability has been identified in 
Node.js, specifically aff
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/0afc6f960017708df3870ff1d61249443873637b 
(v23.6.1)
 CVE-2025-23083 (With the aid of the diagnostics_channel utility, an event can 
be hooke ...)
        - nodejs 20.18.2+dfsg-1 (bug #1094134)
+       [bullseye] - nodejs <not-affected> (vulnerable code introduced later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#worker-permission-bypass-via-internalworker-leak-in-diagnostics-cve-2025-23083---high
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/51938f023aac90dc1dc0bc1f743501788613210e 
(v23.6.1)
+       NOTE: Introduced by: https://github.com/nodejs/node/pull/44710
+       NOTE: This feature was backported to 20.x but not for older version
 CVE-2025-23195 (An XML External Entity (XXE) vulnerability exists in the 
Ambari/Oozie  ...)
        NOT-FOR-US: Apache Ambari
 CVE-2025-23196 (A code injection vulnerability exists in the Ambari Alert 
Definition   ...)
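Review bot: The new NOTE "This feature was backported to 20.x but not for older version" does not say which upstream release first shipped the code from pull/44710 or cite the 20.x backport, so the "[bullseye] - nodejs <not-affected> (vulnerable code introduced later)" line cannot be verified from the entry alone. Consider adding the backport commit or the first affected version to the NOTE, and rewording it to "backported to 20.x but not to older versions". If any other suite ships a pre-20.x series, the same reasoning would apply there, yet only bullseye is annotated in this hunk, so it is worth confirming whether that is intentional.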


=====================================
data/dla-needed.txt
=====================================
@@ -177,7 +177,7 @@ nagvis
 nginx (andrewsh)
   NOTE: 20250207: Added by Front-Desk (apo)
 --
-nodejs
+nodejs (rouca)
   NOTE: 20250122: Added by Front-Desk (lamby)
   NOTE: 20250217: Upcoming DSA, coordinate with security team (Beuc/front-desk)
 --
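Review bot: The claim "nodejs (rouca)" is added without a dated NOTE, while the existing 20250217 note asks to coordinate with the security team about the upcoming DSA. Consider adding a NOTE line in the same "NOTE: YYYYMMDD: ..." form recording the state of that coordination. Since the same push marks CVE-2025-23083 as not-affected for bullseye, the note could also say which issues remain in scope for the update.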



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd95e92eac91baeac6aba3d8282c0e06e00ee1f4...6456b63ce9bf39988451b23773a7328605bba300
