Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4f1723fd by Salvatore Bonaccorso at 2026-06-19T06:01:11+02:00
Track two more CVEs as fixed in unstable upload for nodejs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2026-48618
        - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-unicode-dot-separator-handling-can-lead-to-tls-wildcard-depth-authentication-bypass-due-to-resolver-and-verifier-hostname-normalization-mismat-cve-2026-48618---high
 CVE-2026-48933
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-webcrypto-aes-integer-overflow-leads-to-remote-process-abort-dos-cve-2026-48933---high
 CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3 does not properly 
validat ...)
        NOT-FOR-US: WordPress plugin
@@ -116,7 +116,7 @@ CVE-2026-48985 (pam_usb provides hardware authentication 
for Linux using ordinar
 CVE-2026-48984 (pam_usb provides hardware authentication for Linux using 
ordinary remo ...)
        NOT-FOR-US: pam_usb
 CVE-2026-48937 (A flaw in Node.js HTTP/2 server API can cause servers to keep 
acceptin ...)
-       - nodejs <unfixed>
+       - nodejs 24.17.0+dfsg+~cs24.13.2-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http2-sessions-never-clean-up-after-goaway-on-invalid-protocol-errors-cve-2026-48937---medium
 CVE-2026-48617 (A flaw in Node.js Permission Model enforcement allows Bypass 
via `proc ...)
        - nodejs 24.17.0+dfsg+~cs24.13.2-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1723fd06c91da18890a710f19b094d0515253c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1723fd06c91da18890a710f19b094d0515253c
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to