[Git][security-tracker-team/security-tracker][master] new node-ssri issue
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 15 08:20:02 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
870efcf5 by Moritz Muehlenhoff at 2021-03-15T09:19:42+01:00
new node-ssri issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2021-28381
CVE-2021-28380
RESERVED
CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) thro ...)
- TODO: check
+ NOT-FOR-US: Vesta Control Panel
CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
- TODO: check
+ - gitea <removed>
CVE-2021-28377
RESERVED
CVE-2021-28376
@@ -2473,7 +2473,8 @@ CVE-2021-27292
CVE-2021-27291
RESERVED
CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
- TODO: check
+ - node-ssri <unfixed>
+ NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
CVE-2021-27289
RESERVED
CVE-2021-27288
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870efcf57bcbd3183392cb694ccc3c5de427a37b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/870efcf57bcbd3183392cb694ccc3c5de427a37b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210315/56b60ff5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list