[Git][security-tracker-team/security-tracker][master] Update information for CVE-2021-43616/npm, fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 4 19:55:18 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b9bd847 by Salvatore Bonaccorso at 2022-03-04T20:54:43+01:00
Update information for CVE-2021-43616/npm, fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22069,10 +22069,11 @@ CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the
CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
- - npm <unfixed>
+ - npm 8.4.1~ds-1
[bullseye] - npm <no-dsa> (Minor issue)
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/issues/2701
+ NOTE: https://github.com/npm/cli/commit/457e0ae61bbc55846f5af44afa4066921923490f (v8.4.1)
CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
NOT-FOR-US: Insyde
CVE-2021-43614
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b9bd847a2c406e34e8dd6609fd13c9940ad861a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b9bd847a2c406e34e8dd6609fd13c9940ad861a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220304/cd56f57d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list