[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-0536 in node-follow-redirects as ignored in Buster LTS; this follows CVE-2022-0155.

Chris Lamb (@lamby) lamby at debian.org
Fri Dec 23 06:55:27 GMT 2022 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0529866d by Chris Lamb at 2022-12-23T06:55:00+00:00
Mark CVE-2022-0536 in node-follow-redirects as ignored in Buster LTS; this follows CVE-2022-0155.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -69160,7 +69160,7 @@ CVE-2022-0537 (The MapPress Maps for WordPress plugin before 2.73.13 allows a hi
 CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
 	- node-follow-redirects 1.14.8+~1.14.0-1
 	[bullseye] - node-follow-redirects 1.13.1-1+deb11u1
-	[buster] - node-follow-redirects <no-dsa> (Minor issue)
+	[buster] - node-follow-redirects <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
 	NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
 CVE-2022-0535 (The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape ...)


=====================================
data/dla-needed.txt
=====================================
@@ -160,10 +160,6 @@ nextcloud-desktop
 node-css-what
   NOTE: 20221031: Programming language: Javascript.
 --
-node-follow-redirects (Chris Lamb)
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
---
 node-got
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0529866d05be2bbc78619c46ea5327c2c450e567

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0529866d05be2bbc78619c46ea5327c2c450e567
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221223/c62bfe0a/attachment.htm>

More information about the debian-security-tracker-commits mailing list