[Git][security-tracker-team/security-tracker][master] nodejs, apache bullseye security fixes

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 12 21:50:15 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bd00a83 by Moritz Mühlenhoff at 2021-08-12T22:49:47+02:00
nodejs, apache bullseye security fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12371,6 +12371,7 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
 CVE-2021-33193 [Apache mod_proxy HTTP2 request line injection]
 	RESERVED
 	- apache2 2.4.48-4
+	[bullseye] - apache2 2.4.48-3.1+deb11u1
 	NOTE: https://portswigger.net/research/http2
 	NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
 CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
@@ -37427,6 +37428,7 @@ CVE-2021-22940
 CVE-2021-22939
 	RESERVED
 	- nodejs 12.22.5~dfsg-1
+	[bullseye] - nodejs 12.22.5~dfsg-2~11u1
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
 CVE-2021-22938
 	RESERVED
@@ -37447,6 +37449,7 @@ CVE-2021-22931
 CVE-2021-22930 [Use after free on close http2 on stream canceling]
 	RESERVED
 	- nodejs 12.22.4~dfsg-1
+	[bullseye] - nodejs 12.22.5~dfsg-2~11u1
 	[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://github.com/nodejs/node/commit/b263f2585ab53f56e0e22b46cf1f8519a8af8a05
 	NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bd00a830b52d532d0e484e9f4f4d47bca38c718

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bd00a830b52d532d0e484e9f4f4d47bca38c718
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210812/2042710c/attachment.htm>

More information about the debian-security-tracker-commits mailing list