[Git][security-tracker-team/security-tracker][master] Update CVE-2017-1000228/node-ejs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 29 20:02:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e0ed6320 by Salvatore Bonaccorso at 2022-04-29T21:01:55+02:00
Update CVE-2017-1000228/node-ejs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -288981,7 +288981,9 @@ CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optip
NOTE: https://sourceforge.net/p/optipng/bugs/65/
NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...)
- NOT-FOR-US: nodejs ejs
+ - node-ejs 2.5.7-1
+ NOTE: https://security.snyk.io/vuln/npm:ejs:20161128
+ NOTE: https://github.com/mde/ejs/commit/3d447c5a335844b25faec04b1132dbc721f9c8f6 (v2.5.3)
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
NOT-FOR-US: WordPress plugin
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using relevans ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ed6320d793b1c54fd2a3303ae579bc97d40ae6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0ed6320d793b1c54fd2a3303ae579bc97d40ae6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/26318477/attachment.htm>
More information about the debian-security-tracker-commits
mailing list