[Git][security-tracker-team/security-tracker][master] new jakarta-el-api, node-got issues (concludes external check)

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 30 17:01:23 BST 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93e753ee by Moritz Mühlenhoff at 2021-05-30T18:00:52+02:00
new jakarta-el-api, node-got issues (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -656,6 +656,9 @@ CVE-2021-33504
 CVE-2021-33503
 	RESERVED
 CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
+	- node-got <unfixed>
+	NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
+	NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103	
 	TODO: check, normalize-url seems embedded in node-yarnpkg, node-got, check its use
 CVE-2021-33501
 	RESERVED
@@ -13194,7 +13197,9 @@ CVE-2021-28172 (There is a Path Traversal vulnerability in the file download fun
 CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...)
 	NOT-FOR-US: Vangene deltaFlow E-platform
 CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...)
-	TODO: check
+	- jakarta-el-api <unfixed>
+	NOTE: https://github.com/eclipse-ee4j/el-ri/issues/155
+	NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
 CVE-2021-28169
 	RESERVED
 CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93e753ee0d374a5083c56593cd825d4fa6c333c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93e753ee0d374a5083c56593cd825d4fa6c333c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210530/4532cc83/attachment.htm>

More information about the debian-security-tracker-commits mailing list