Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61e0ae69 by Salvatore Bonaccorso at 2025-05-01T23:40:47+02:00
Track now packaged node-jquery-validation issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5960,6 +5960,7 @@ CVE-2025-3573 (Versions of the package jquery-validation 
before 1.20.0 are vulne
        - phpmyadmin <unfixed> (bug #1104136)
        [bookworm] - phpmyadmin <no-dsa> (Minor issue)
        [bullseye] - phpmyadmin <postponed> (Minor Issue; barely an issue in 
the phpmyadmin package XSS)
+       - node-jquery-validation <not-affected> (Fixed before initial upload to 
Debian)
        NOTE: https://github.com/jquery-validation/jquery-validation/pull/2462
        NOTE: 
https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902
        NOTE: civicrm embedds jquery-validation
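Review bot: the added node-jquery-validation <not-affected> line under CVE-2025-3573 gives no version to check the claim against. The description says versions before 1.20.0 are vulnerable, so a NOTE recording the fixed upstream version beside the existing commit reference (as the CVE-2022-31147 change in this commit does with "(1.19.5)") would let a reader confirm that the first Debian upload already contained the fix.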
@@ -257760,7 +257761,9 @@ CVE-2022-31149 (ActivityWatch open-source automated 
time tracker. Versions prior
 CVE-2022-31148 (Shopware is an open source e-commerce software. In versions 
from 5.7.0 ...)
        NOT-FOR-US: Shopware
 CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides 
drop-in vali ...)
-       NOT-FOR-US: jquery-validation
+       - node-jquery-validation <not-affected> (Fixed before initial upload to 
Debian)
+       NOTE: 
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-ffmh-x56j-9rc3
+       NOTE: Fixed by: 
https://github.com/jquery-validation/jquery-validation/commit/5bbd80d27fc6b607d2f7f106c89522051a9fb0dd
 (1.19.5)
 CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a 
bug in th ...)
        NOT-FOR-US: wasmtime
 CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for 
managing ent ...)
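Review bot: with NOT-FOR-US dropped from CVE-2022-31147, the entry now lists only node-jquery-validation, while the CVE-2025-3573 and CVE-2021-21252 entries touched by this same commit record phpmyadmin, civicrm and otrs2 as embedding jquery-validation. Worth checking whether those embedded copies predate 1.19.5 and, if so, adding package lines or a NOTE for them here.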
@@ -296777,7 +296780,7 @@ CVE-2021-43308 (An exponential ReDoS (Regular 
Expression Denial of Service) can
 CVE-2021-43307 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
        NOT-FOR-US: Node semver-regex
 CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) 
can be tri ...)
-       NOT-FOR-US: Node jquery-validation
+       - node-jquery-validation <not-affected> (Fixed before initial upload to 
Debian)
 CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec 
when parsin ...)
        {DLA-3176-1}
        - clickhouse 18.16.1+ds-7.3 (bug #1008216)
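Review bot: the replacement line for CVE-2021-43306 carries no NOTE, unlike the CVE-2022-31147 change in this commit, which adds the advisory and the fixing commit with its version. Adding a NOTE with the upstream fix reference and the fixed version would make the <not-affected> status verifiable from the entry itself.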
@@ -356428,6 +356431,7 @@ CVE-2021-21252 (The jQuery Validation Plugin provides 
drop-in validation for you
        [stretch] - otrs2 <ignored> (Non-free not supported)
        - phpmyadmin 4:5.0.4+dfsg2-2
        [stretch] - phpmyadmin <no-dsa> (Minor issue; barely an issue in the 
phpmyadmin package)
+       - node-jquery-validation <not-affected> (Fixed before initial upload to 
Debian)
        NOTE: 
https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
        NOTE: not packaged, but civicrm, otrs2, and phpmyadmin embed a copy
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171
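Review bot: the unchanged line "NOTE: not packaged, but civicrm, otrs2, and phpmyadmin embed a copy" is now stale for CVE-2021-21252, since this hunk adds a node-jquery-validation package line a few lines above it. Suggest rewording it in the same commit to something like "NOTE: civicrm, otrs2, and phpmyadmin embed a copy".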



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61e0ae69f974b9a93142af23ffeebaba5b645c0a
