[Git][security-tracker-team/security-tracker][master] Reserve DLA-3235-1 for node-eventsource
Guilhem Moulin (@guilhem)
guilhem at debian.org
Sun Dec 11 13:35:57 GMT 2022
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5eedaa2 by Guilhem Moulin at 2022-12-11T14:35:35+01:00
Reserve DLA-3235-1 for node-eventsource
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -47676,7 +47676,6 @@ CVE-2022-1651 (A memory leak flaw was found in the Linux kernel in acrn_dev_ioct
CVE-2022-1650 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
- node-eventsource 2.0.2+~1.1.8-1
[bullseye] - node-eventsource 1.0.7-1+deb11u1
- [buster] - node-eventsource <no-dsa> (Minor issue)
[stretch] - node-eventsource <end-of-life> (not covered by security support)
NOTE: https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e/
NOTE: https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 (v2.0.2)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Dec 2022] DLA-3235-1 node-eventsource - security update
+ {CVE-2022-1650}
+ [buster] - node-eventsource 0.2.1-1+deb10u1
[10 Dec 2022] DLA-3234-1 hsqldb - security update
{CVE-2022-41853}
[buster] - hsqldb 2.4.1-2+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -156,10 +156,6 @@ nextcloud-desktop
node-css-what
NOTE: 20221031: Programming language: Javascript.
--
-node-eventsource (guilhem)
- NOTE: 20221111: Programming language: JavaScript.
- NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
---
node-follow-redirects
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5eedaa27c16d3505ec4c32b9302c0b2e6f98330
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5eedaa27c16d3505ec4c32b9302c0b2e6f98330
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221211/6f2c8777/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list