[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2022-29078/node-ejs as no-dsa
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 30 08:23:47 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
19260e91 by Salvatore Bonaccorso at 2022-04-30T09:21:51+02:00
Mark CVE-2022-29078/node-ejs as no-dsa
- - - - -
0323e19c by Salvatore Bonaccorso at 2022-04-30T09:23:18+02:00
Track proposed update for node-ejs via bullseye-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2435,6 +2435,8 @@ CVE-2022-29079
RESERVED
CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js ...)
- node-ejs 3.1.7-1 (bug #1010359)
+ [bullseye] - node-ejs <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - node-ejs <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - node-ejs <end-of-life> (Node not covered by security support)
NOTE: https://eslam.io/posts/ejs-server-side-template-injection-rce/
NOTE: https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf (v3.1.7)
=====================================
data/next-point-update.txt
=====================================
@@ -54,3 +54,5 @@ CVE-2022-27405
[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
CVE-2022-27404
[bullseye] - freetype 2.10.4+dfsg-1+deb11u1
+CVE-2022-29078
+ [bullseye] - node-ejs 2.5.7-3+deb11u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e6a9f5debf53a3a71988a73d981528424df2b9e...0323e19ccd83df57cd24c9db68a402960e510bb9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5e6a9f5debf53a3a71988a73d981528424df2b9e...0323e19ccd83df57cd24c9db68a402960e510bb9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220430/6921bada/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list