[Pkg-javascript-devel] Bug#1039990: Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-12-22 Thread Moritz Muehlenhoff
al: > >> > On Thu, 21 Dec 2023 at 10:54, Moritz Muehlenhoff > >> wrote: > >> > > >> > > On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote: > >> > > > Hi, > >> > > > > >> > > > [CC&

[Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

2023-12-21 Thread Moritz Muehlenhoff
On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote: > Hi, > > [CC'ing node-undici uploader] > > >> Ack, let's do that. Could you prepare bookworm-security updates > > >> based on 18.17.0 (after it has landed in unstable)? > > > > > nodejs 18.19.0 has landed in testing. > > It reb

[Pkg-javascript-devel] Bug#989991: Multiple jerryscript security issues

2021-06-17 Thread Moritz Muehlenhoff
Package: iotjs Severity: important Tags: security X-Debbugs-Cc: Debian Security Team There are multiple security issues in jerryscript, which is included in iotjs: CVE-2021-26199: https://github.com/jerryscript-project/jerryscript/issues/4056 CVE-2021-26198: https://github.com/jerryscript-project

[Pkg-javascript-devel] Bug#989264: CVE-2021-33587

2021-05-30 Thread Moritz Muehlenhoff
Package: node-css-what Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-33587: https://github.com/fb55/css-what/releases/tag/v5.0.1 Patch: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655 Cheers, Moritz

[Pkg-javascript-devel] Bug#989258: CVE-2021-33502

2021-05-30 Thread Moritz Muehlenhoff
Package: node-got Severity: important Tags: security X-Debbugs-Cc: Debian Security Team node-got bundles a copy of normalize-url, which is affected by CVE-2021-33502: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1 Patch: https://github.com/sindresorhus/normalize-url/commit/b1f

[Pkg-javascript-devel] Bug#988726: CVE-2020-28496

2021-05-18 Thread Moritz Muehlenhoff
Source: three.js Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2020-28496: https://github.com/mrdoob/three.js/issues/21132 https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e Cheers, Moritz

[Pkg-javascript-devel] Bug#988213: CVE-2020-24344

2021-05-07 Thread Moritz Muehlenhoff
Package: iotjs Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2020-24344: https://github.com/jerryscript-project/jerryscript/issues/3976 https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a Cheers,

[Pkg-javascript-devel] Bug#986171: underscore: CVE-2021-23358

2021-03-31 Thread Moritz Muehlenhoff
On Tue, Mar 30, 2021 at 11:00:00PM +0200, Yadd wrote: > On 30/03/2021 at 21:40, Salvatore Bonaccorso wrote: > > Source: underscore > > Version: 1.9.1~dfsg-1 > > Severity: grave > > Tags: security upstream > > Justification: user security hole > > X-Debbugs-Cc: car...@debian.org, Debian Security T

[Pkg-javascript-devel] Bug#985086: CVE-2021-23337 CVE-2020-28500

2021-03-12 Thread Moritz Muehlenhoff
Package: node-lodash Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team CVE-2021-23337: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 CVE-2020-28500: https://snyk.io/vuln/SNYK-JS-LODASH-1018905 Cheers, Moritz

[Pkg-javascript-devel] Bug#984667: CVE-2021-3377

2021-03-06 Thread Moritz Muehlenhoff
Package: node-ansi-up Severity: important Tags: security X-Debbugs-Cc: Debian Security Team This was assigned CVE-2021-3377: https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27 Cheers, Moritz

[Pkg-javascript-devel] Bug#972975: Remove alternative build dep on Python

2020-10-26 Thread Moritz Muehlenhoff
Package: iotjs Severity: minor The build deps currently state "python3 | python", but you can safely remove python entirely. Python 2 will be removed at some point and even very old Debian releases (if you care about backports to older suites) already provide some version of Python 3.

[Pkg-javascript-devel] Bug#934885: August 2019 security release

2019-08-16 Thread Moritz Muehlenhoff
Package: nodejs Severity: grave Tags: security nodejs is affected by some of the recently announced HTTP2 issues: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md Cheers, Mori

[Pkg-javascript-devel] Bug#927716: CVE-2018-1109

2019-04-21 Thread Moritz Muehlenhoff
Package: node-braces Severity: important Tags: security Please see https://snyk.io/vuln/npm:braces:20180219 Patch: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 Cheers, Moritz

[Pkg-javascript-devel] Bug#927715: CVE-2017-16119

2019-04-21 Thread Moritz Muehlenhoff
Package: node-fresh Severity: important Tags: security Please see https://www.npmjs.com/advisories/526 Cheers, Moritz -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#927671: CVE-2016-10542

2019-04-20 Thread Moritz Muehlenhoff
Package: node-ws Severity: grave Tags: security Please see https://nodesecurity.io/advisories/120 https://github.com/nodejs/node/issues/7388 Cheers, Moritz

[Pkg-javascript-devel] Bug#926670: CVE-2019-0542

2019-04-08 Thread Moritz Muehlenhoff
Source: node-xterm Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0542 Cheers, Moritz

[Pkg-javascript-devel] Bug#898944: CVE-2018-6561

2018-05-17 Thread Moritz Muehlenhoff
Source: dojo Severity: grave Tags: security https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6561 Cheers, Moritz