[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-22940 as not affected for bullseye and older
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 12 05:27:33 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7f50898 by Salvatore Bonaccorso at 2021-08-12T06:26:38+02:00
Mark CVE-2021-22940 as not affected for bullseye and older
As the incomplete fix was never applied to those suites, src:nodejs is
only affected by CVE-2021-22930 and needs just to contain the complete
fix.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37295,6 +37295,9 @@ CVE-2021-22941
CVE-2021-22940
RESERVED
- nodejs 12.22.5~dfsg-1
+ [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ [buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ [stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
CVE-2021-22939
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f5089870d649a3fbe8c28d973914cd45770dfd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f5089870d649a3fbe8c28d973914cd45770dfd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210812/a86fc09d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list