[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-25844/angular.js: stretch ignored

Sat May 28 16:00:15 BST 2022


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4476dd6f by Sylvain Beucler at 2022-05-28T16:59:23+02:00
CVE-2022-25844/angular.js: stretch ignored

- - - - -
4b59151d by Sylvain Beucler at 2022-05-28T16:59:23+02:00
dla: add grunt

- - - - -
65b76220 by Sylvain Beucler at 2022-05-28T16:59:24+02:00
CVE-2022-24758/jupyter-notebook: reference patch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16620,6 +16620,7 @@ CVE-2022-25845
 	RESERVED
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
 	- angular.js <unfixed>
+	[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
 CVE-2022-25843
 	RESERVED
@@ -19984,6 +19985,7 @@ CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of
 CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for interacti ...)
 	- jupyter-notebook <unfixed>
 	NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
+	NOTE: https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e (6.4.10)
 CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
 	- jupyter-server 1.16.0-1 (bug #1008319)
 	NOTE: https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a (v1.15.4)


=====================================
data/dla-needed.txt
=====================================
@@ -82,6 +82,9 @@ golang-github-hashicorp-go-getter
 golang-go.crypto
   NOTE: 20220331: rebuild reverse-dependencies if needed, e.g. DLA-2402-1 -> DLA-2453-1/DLA-2454-1/DLA-2455-1; also check buster status (Beuc/front-desk)
 --
+grunt
+  NOTE: 20220528: upcoming stable update (cf. #1010211) + 1 new CVE (Beuc/front-desk)
+--
 halibut (Anton)
   NOTE: 20220528: Programming language C.
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62cefbc3566f43f4791a3775d7ac0a7cd69e0399...65b762206479ef7c0da22fe6379a9d7263adbf30

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/62cefbc3566f43f4791a3775d7ac0a7cd69e0399...65b762206479ef7c0da22fe6379a9d7263adbf30
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220528/89def714/attachment.htm>
