[Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed.txt: Add note for node-object-path.

Fri Dec 23 07:09:07 GMT 2022


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fb07af8 by Chris Lamb at 2022-12-23T07:04:32+00:00
dla-needed.txt: Add note for node-object-path.

- - - - -
6f5cf157 by Chris Lamb at 2022-12-23T07:08:18+00:00
Triage CVE-2021-23440/node-set-value for Buster LTS.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -141010,7 +141010,7 @@ CVE-2021-23441
 CVE-2021-23440 (This affects the package set-value before <2.0.1, >=3.0.0 <4. ...)
 	- node-set-value 3.0.1-3 (bug #994448)
 	[bullseye] - node-set-value 3.0.1-2+deb11u1
-	[buster] - node-set-value <no-dsa> (Minor issue)
+	[buster] - node-set-value <not-affected> (Vulnerable code does not exist)
 	[stretch] - node-set-value <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://github.com/jonschlinkert/set-value/commit/383b72d47c74a55ae8b6e231da548f9280a4296a (v4.0.1)
 	NOTE: https://github.com/jonschlinkert/set-value/pull/33


=====================================
data/dla-needed.txt
=====================================
@@ -180,10 +180,7 @@ node-nth-check
 node-object-path
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
---
-node-set-value
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.1 (Beuc/front-desk)
+  NOTE: 20221223: Functional part of CVE-2021-3805 might be https://gist.github.com/lamby/ebf0633837f16d174138bbf36bef38f3/raw (lamby)
 --
 node-trim-newlines
   NOTE: 20221111: Programming language: JavaScript.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f1d83701ab52f52593b1bd5ce1c775f68abb9655...6f5cf15718f6c77cff3a4cd1f422f94e651d1365

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f1d83701ab52f52593b1bd5ce1c775f68abb9655...6f5cf15718f6c77cff3a4cd1f422f94e651d1365
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221223/2cd2c931/attachment.htm>
