Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
75fd96f9 by Salvatore Bonaccorso at 2025-10-07T08:00:32+02:00
Remove reference to commit
Yadd mentioned in #1117504, that the patch does nothing (a try/catch on
an sync method won't catch anything).
The bug likely need to be properly reported upstream?
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3076,7 +3076,6 @@ CVE-2025-11149 (This affects all versions of the package
node-static; all versio
- node-static <unfixed> (bug #1117504)
[trixie] - node-static <no-dsa> (Minor issue)
[bookworm] - node-static <no-dsa> (Minor issue)
- NOTE:
https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67
(v0.1.0)
CVE-2025-11148 (All versions of the package check-branches are vulnerable to
Command I ...)
NOT-FOR-US: check-branches Node.js package
CVE-2025-10991 (The attacker may obtain root access by connecting to the UART
port and ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75fd96f95876aab0dcb613e842ceec9247b0f2ff
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75fd96f95876aab0dcb613e842ceec9247b0f2ff
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
