[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-22940 as not affected for bullseye and older

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 12 05:27:33 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7f50898 by Salvatore Bonaccorso at 2021-08-12T06:26:38+02:00
Mark CVE-2021-22940 as not affected for bullseye and older

As the incomplete fix was never applied to those suites, src:nodejs is
only affected by CVE-2021-22930 and needs just to contain the complete
fix.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37295,6 +37295,9 @@ CVE-2021-22941
 CVE-2021-22940
 	RESERVED
 	- nodejs 12.22.5~dfsg-1
+	[bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+	[buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+	[stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
 CVE-2021-22939
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f5089870d649a3fbe8c28d973914cd45770dfd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f5089870d649a3fbe8c28d973914cd45770dfd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210812/a86fc09d/attachment.htm>


More information about the debian-security-tracker-commits mailing list