[Git][security-tracker-team/security-tracker][master] Reserve DLA-3229-1 for node-log4js
Utkarsh Gupta (@utkarsh)
utkarsh at debian.org
Tue Dec 6 19:10:36 GMT 2022
Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d43927f5 by Utkarsh Gupta at 2022-12-07T00:40:16+05:30
Reserve DLA-3229-1 for node-log4js
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -80457,7 +80457,6 @@ CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel PH
CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
- node-log4js 6.4.1+~cs8.3.5-1
[bullseye] - node-log4js 6.3.0+~cs8.3.10-1+deb11u1
- [buster] - node-log4js <no-dsa> (Minor issue)
[stretch] - node-log4js <end-of-life> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1)
NOTE: https://github.com/log4js-node/streamroller/pull/87
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Dec 2022] DLA-3229-1 node-log4js - security update
+ {CVE-2022-21704}
+ [buster] - node-log4js 4.0.2-2+deb10u1
[07 Dec 2022] DLA-3228-1 node-json-schema - security update
{CVE-2021-3918}
[buster] - node-json-schema 0.2.3-1+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -181,10 +181,6 @@ node-loader-utils
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: upcoming bullseye PU https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023798 (Beuc/front-desk)
--
-node-log4js (Utkarsh)
- NOTE: 20221111: Programming language: JavaScript.
- NOTE: 20221111: Follow fixes from bullseye 11.5 (Beuc/front-desk)
---
node-moment
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d43927f5b41c699799f7f7a79ca9b141a4c21f96
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d43927f5b41c699799f7f7a79ca9b141a4c21f96
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221206/f95921ca/attachment.htm>
More information about the debian-security-tracker-commits
mailing list