Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
df3bfa4b by Salvatore Bonaccorso at 2026-02-01T21:00:10+01:00
Track fixed version for CVE-2025-13465/node-lodash via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3992,7 +3992,7 @@ CVE-2025-13878 (Malformed BRID/HHIT records can cause
`named` to terminate unexp
NOTE: Fixed by:
https://gitlab.isc.org/isc-projects/bind9/-/commit/d4c0d617015625330f08a3f86a10a533cec0f6ec
(v9.20.18)
NOTE: Fixed by:
https://gitlab.isc.org/isc-projects/bind9/-/commit/7bf83f69a80bdc6094c2adee3595e28b1b3e19ea
(v9.21.17)
CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 are vulnerable to
prototype poll ...)
- - node-lodash <unfixed> (bug #1126265)
+ - node-lodash 4.17.21+dfsg+~cs8.31.198.20210220-10 (bug #1126265)
[trixie] - node-lodash <no-dsa> (Minor issue)
[bookworm] - node-lodash <no-dsa> (Minor issue)
NOTE:
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df3bfa4b8a3d2c2db7065db457d240afbb67989d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df3bfa4b8a3d2c2db7065db457d240afbb67989d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
