[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-21306/node-marked

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
303ccf54 by Salvatore Bonaccorso at 2021-02-14T08:46:06+01:00
Update status for CVE-2021-21306/node-marked

Vulnerable code introduced after the 1.0.0 release and likely in 1.1.1
only. Double-checked with maintainer confirming the issue is not present
in our releases.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14294,10 +14294,9 @@ CVE-2021-21308
 CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...)
 	NOT-FOR-US: Lucee Server
 CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...)
-	- node-marked <unfixed>
+	- node-marked <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
 	NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
-	TODO: might not affect <= 0.8, needs to be verified
 CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
 	- ruby-carrierwave <unfixed> (bug #982551)
 	NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303ccf5452cf2f55329768dcbe0adba642af4437

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/303ccf5452cf2f55329768dcbe0adba642af4437
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210214/b075977d/attachment-0001.html>