Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5cede634 by Bastien Roucariès at 2026-05-23T22:55:05+02:00
CVE-2026-21710/bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35317,8 +35317,10 @@ CVE-2026-21711 (A flaw in Node.js Permission Model
network enforcement leaves Un
CVE-2026-21710 (A flaw in Node.js HTTP request handling causes an uncaught
`TypeError` ...)
{DSA-6272-1 DSA-6183-1}
- nodejs 22.22.2+dfsg+~cs22.19.15-1
+ [bullseye] - nodejs <not-affected> (vulnerable code introduced in
v18.3.0)
NOTE:
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#denial-of-service-via-__proto__-header-name-in-reqheadersdistinct-uncaught-typeerror-crashes-nodejs-process-cve-2026-21710---high
NOTE: Fixed by:
https://github.com/nodejs/node/commit/00ad47a28eb2e3dc0ff5610d58c53341acf3cf8d
(v20.20.2)
+ NOTE: Introduced by
https://github.com/nodejs/node/commit/9539cfa35817ea3ad61eccd2ed0572cc5c449d03
(v18.3.0)
CVE-2026-31788 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
{DSA-6243-1 DSA-6238-1 DLA-4561-1}
- linux 6.19.10-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cede6342631504ebd8dade188e81e9a4f63f2d7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cede6342631504ebd8dade188e81e9a4f63f2d7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
