al:
> >> > On Thu, 21 Dec 2023 at 10:54, Moritz Muehlenhoff wrote:
> >> >
> >> > > On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> >> > > > Hi,
> >> > > >
> >> > > > [CC&
On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> [CC'ing node-undici uploader]
> > >> Ack, let's do that. Could you prepare bookworm-security updates
> > >> based on 18.17.0 (after it has landed in unstable)?
> > >
> > nodejs 18.19.0 has landed in testing.
> > It reb
Package: iotjs
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
There are multiple security issues in jerryscript, which is included in
iotjs:
CVE-2021-26199:
https://github.com/jerryscript-project/jerryscript/issues/4056
CVE-2021-26198:
https://github.com/jerryscript-project
Package: node-css-what
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
This was assigned CVE-2021-33587:
https://github.com/fb55/css-what/releases/tag/v5.0.1
Patch:
https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
Cheers,
Moritz
Package: node-got
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
node-got bundles a copy of normalize-url, which is affected by CVE-2021-33502:
https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
Patch:
https://github.com/sindresorhus/normalize-url/commit/b1f
Source: three.js
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
This was assigned CVE-2020-28496:
https://github.com/mrdoob/three.js/issues/21132
https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
Cheers,
Moritz
--
Pk
Package: iotjs
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
This was assigned CVE-2020-24344:
https://github.com/jerryscript-project/jerryscript/issues/3976
https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a
Cheers,
On Tue, Mar 30, 2021 at 11:00:00PM +0200, Yadd wrote:
> On 30/03/2021 at 21:40, Salvatore Bonaccorso wrote:
> > Source: underscore
> > Version: 1.9.1~dfsg-1
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> > X-Debbugs-Cc: car...@debian.org, Debian Security T
Package: node-lodash
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
CVE-2021-23337:
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
CVE-2020-28500:
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
Cheers,
Moritz
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@aliot
Package: node-ansi-up
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team
This was assigned CVE-2021-3377:
https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
Cheers,
Moritz
Package: iotjs
Severity: minor
The build deps currently state "python3 | python", but you can safely
remove python entirely. Python 2 will be removed at some point and
even very old Debian releases (if you care about backports to older
suites) already provide some version of Python 3.
Package: nodejs
Severity: grave
Tags: security
nodejs is affected by some of the recently announced HTTP2 issues:
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Cheers,
Mori
Package: node-braces
Severity: important
Tags: security
Please see https://snyk.io/vuln/npm:braces:20180219
Patch:
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
Cheers,
Moritz
Package: node-fresh
Severity: important
Tags: security
Please see https://www.npmjs.com/advisories/526
Cheers,
Moritz
Package: node-ws
Severity: grave
Tags: security
Please see
https://nodesecurity.io/advisories/120
https://github.com/nodejs/node/issues/7388
Cheers,
Moritz
Source: node-xterm
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0542
Cheers,
Moritz
Source: dojo
Severity: grave
Tags: security
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6561
Cheers,
Moritz