[Git][security-tracker-team/security-tracker][master] new jpeg-xl, node-got issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 20 11:55:46 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c60d9310 by Moritz Muehlenhoff at 2022-06-20T12:55:05+02:00
new jpeg-xl, node-got issues
ruby-octokit n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -294,7 +294,8 @@ CVE-2022-34002
 CVE-2022-34001
 	RESERVED
 CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init ...)
-	TODO: check
+	- jpeg-xl <unfixed>
+	NOTE: https://github.com/libjxl/libjxl/issues/1477
 CVE-2022-33948
 	RESERVED
 CVE-2022-33999
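Review bot: The new `- jpeg-xl <unfixed>` line for CVE-2022-34000 carries no per-suite triage, unlike the node-got entry in this same commit, which adds `[bullseye]` and `[buster]` lines. If jpeg-xl is present in a supported suite, add the matching `<no-dsa>` or `<not-affected>` line with a reason; the description names an assertion failure in libjxl 0.6.1, so the reason should say whether that assertion is reachable in the packaged build. The NOTE links only the upstream issue, so a second NOTE with the fixing commit is worth adding once one exists.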
@@ -342,7 +343,10 @@ CVE-2022-33989
 CVE-2022-33988
 	RESERVED
 CVE-2022-33987 (The got package before 12.1.0 for Node.js allows a redirect to a UNIX  ...)
-	TODO: check
+	- node-got <unfixed>
+	[bullseye] - node-got <no-dsa> (Minor issue)
+	[buster] - node-got <no-dsa> (Minor issue)
+	NOTE: https://github.com/sindresorhus/got/pull/2047
 CVE-2022-33986
 	RESERVED
 CVE-2022-33985
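Review bot: On the two `<no-dsa> (Minor issue)` lines for CVE-2022-33987, the reason does not say why a redirect to a UNIX socket is minor for the packaged node-got, which makes the triage hard to revisit later. Consider a short NOTE giving the rationale, and a NOTE recording the upstream fixed version taken from the description ("before 12.1.0"), so the `<unfixed>` line can be closed against a concrete version when a newer upload lands.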
@@ -7694,7 +7698,8 @@ CVE-2022-31074
 CVE-2022-31073
 	RESERVED
 CVE-2022-31072 (Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24 ...)
-	TODO: check
+	- ruby-octokit <not-affected> (No vulnerable version was uploaded to the archive)
+	NOTE: https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6
 CVE-2022-31071 (Octopoller is a micro gem for polling and retrying. Version 0.2.0 of t ...)
 	NOT-FOR-US: Octopoller
 CVE-2022-31070 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to  ...)
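Review bot: The `<not-affected>` reason on the ruby-octokit line for CVE-2022-31072 depends on which versions are vulnerable, but the description is cut off at "Versions 4.23.0 and 4.24 ..." and the entry does not record the range. Add a NOTE stating the affected and fixed versions from the linked advisory, so a later upload can be checked against it without re-reading the advisory.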



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c60d93100a230e09116a82d3e7517878fe3971bc
