Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e540d63e by Salvatore Bonaccorso at 2025-11-29T17:32:39+01:00
Update status for CVE-2025-13466/node-body-parser
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1022,10 +1022,11 @@ CVE-2025-13511
REJECTED
CVE-2025-13466 (body-parser 2.2.0 is vulnerable to denial of service due to
inefficien ...)
- node-body-parser <unfixed> (bug #1121417)
- [trixie] - node-body-parser <no-dsa> (Minor issue)
- [bookworm] - node-body-parser <no-dsa> (Minor issue)
- [bullseye] - node-body-parser <postponed> (Minor issue)
+ [trixie] - node-body-parser <not-affected> (Vulnerable code introduced
later)
+ [bookworm] - node-body-parser <not-affected> (Vulnerable code
introduced later)
+ [bullseye] - node-body-parser <not-affected> (Vulnerable code
introduced later)
NOTE:
https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4
+ NOTE: Introduced with:
https://github.com/expressjs/body-parser/commit/f27f2ced83d2f2a19e5305d09b4e31dec75b3e5c
(v2.2.0)
NOTE: Fixed by:
https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63
(v2.2.1)
CVE-2025-12978 (Fluent Bit in_http, in_splunk, and in_elasticsearch input
plugins cont ...)
NOT-FOR-US: Fluent Bit
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e540d63e3bc1a7e3a25cfba843bc5b833538d914
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e540d63e3bc1a7e3a25cfba843bc5b833538d914
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
