[Git][security-tracker-team/security-tracker][master] Triage CVE-2017-1000188, CVE-2017-1000189 & CVE-2017-1000228 in node-ejs for stretch LTS.

Chris Lamb (@lamby) lamby at debian.org
Fri Apr 29 21:20:57 BST 2022



Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73c38598 by Chris Lamb at 2022-04-29T13:20:15-07:00
Triage CVE-2017-1000188, CVE-2017-1000189 & CVE-2017-1000228 in node-ejs for stretch LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -289070,6 +289070,7 @@ CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optip
 	NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
 CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...)
 	- node-ejs 2.5.7-1
+	[stretch] - node-ejs <end-of-life> (Node not covered by security support)
 	NOTE: https://security.snyk.io/vuln/npm:ejs:20161128
 	NOTE: https://github.com/mde/ejs/commit/3d447c5a335844b25faec04b1132dbc721f9c8f6 (v2.5.3)
 CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
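Review bot: the added [stretch] line under CVE-2017-1000228 records only that node-ejs is end-of-life in stretch, not whether the version shipped there is actually affected. The entry describes remote code execution fixed upstream in v2.5.3, so a NOTE stating whether the stretch version predates 2.5.3 would let anyone still running it judge their exposure. The end-of-life reason alone says that no fix is coming, not whether action is needed.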
@@ -289106,9 +289107,11 @@ CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS)
 	NOT-FOR-US: October CMS
 CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-servi ...)
 	- node-ejs 2.5.7-1
+	[stretch] - node-ejs <end-of-life> (Node not covered by security support)
 	NOTE: https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4)
 CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scri ...)
 	- node-ejs 2.5.7-1
+	[stretch] - node-ejs <end-of-life> (Node not covered by security support)
 	NOTE: https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4)
 CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...)
 	- swftools <removed> (unimportant)
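Review bot: in the CVE-2017-1000189 and CVE-2017-1000188 entries, the descriptions say versions older than 2.5.5 are vulnerable while the NOTE lines tag the upstream commit as v2.5.4, and the added [stretch] lines leave that mismatch in place. It does not change the triage outcome, since both entries get the same end-of-life annotation and the unstable fix version 2.5.7-1 is above either boundary, but a short NOTE saying which release first carries the fix would help anyone checking a locally installed version against these entries.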



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73c38598e0ea4d9e8f645a24a808ec712ab04474
