Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 13c257cc by Sylvain Beucler at 2026-01-02T22:01:05+01:00 node-node-forge: proposed for EOL https://salsa.debian.org/debian/debian-security-support/-/merge_requests/54 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -16953,12 +16953,12 @@ CVE-2025-66035 (Angular is a development platform for building mobile and deskto TODO: check, might not affect 1.x versions of Angular, code is significantly diverging CVE-2025-66031 (Forge (also called `node-forge`) is a native implementation of Transpo ...) - node-node-forge <removed> - [bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies) + [bullseye] - node-node-forge <postponed> (Minor issue, proposed for EOL) NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27 NOTE: https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451 (v1.3.2) CVE-2025-66030 (Forge (also called `node-forge`) is a native implementation of Transpo ...) - node-node-forge <removed> - [bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies) + [bullseye] - node-node-forge <postponed> (Minor issue, proposed for EOL) NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g NOTE: https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb (v1.3.2) CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command inje ...) @@ -17489,7 +17489,7 @@ CVE-2025-13467 (A flaw was found in the Keycloak LDAP User Federation provider. - keycloak <itp> (bug #1088287) CVE-2025-12816 (An interpretation-conflict (CWE-436) vulnerability in node-forge versi ...) - node-node-forge <removed> - [bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies) + [bullseye] - node-node-forge <postponed> (Minor issue, proposed for EOL) NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq NOTE: Fixed by: https://github.com/digitalbazaar/forge/commit/a05dd812ec2de46ece35a11ab4b46c9d283d1505 (v1.3.2) NOTE: https://github.com/digitalbazaar/forge/blob/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd/tests/security/cve-2025-12816.js (Tests added) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c257ccb3ad3082ea1477196cd174ca1f3eb608 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c257ccb3ad3082ea1477196cd174ca1f3eb608 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
