[Git][security-tracker-team/security-tracker][master] node-jszip spu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 29 16:03:37 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6561e1f by Moritz Mühlenhoff at 2021-07-29T17:03:12+02:00
node-jszip spu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -33940,6 +33940,7 @@ CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribu
TODO: check
CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
- node-jszip 3.5.0+dfsg-2
+ [buster] - node-jszip <no-dsa> (Minor issue)
NOTE: https://github.com/Stuk/jszip/pull/766
NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...)
=====================================
data/next-point-update.txt
=====================================
@@ -75,3 +75,5 @@ CVE-2021-28678
[buster] - pillow 5.4.1-2+deb10u3
CVE-2021-34552
[buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-23413
+ [buster] - node-jszip 3.1.4+dfsg-1+deb10u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6561e1f23c8544a607fd4d7daa66eed08182d27
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6561e1f23c8544a607fd4d7daa66eed08182d27
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210729/8bda0014/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list