[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust tracking for CVE-2022-37601: Associate with node-loader-utils
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 10 11:32:59 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
32b1ce60 by Salvatore Bonaccorso at 2022-11-10T12:32:11+01:00
Adjust tracking for CVE-2022-37601: Associate with node-loader-utils
- - - - -
1e284f74 by Salvatore Bonaccorso at 2022-11-10T12:32:12+01:00
Track two more CVEs for node-loader-utils
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22160,15 +22160,19 @@ CVE-2022-37605
CVE-2022-37604
RESERVED
CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
- NOT-FOR-US: loader-utils
+ - node-loader-utils <unfixed>
+ NOTE: https://github.com/webpack/loader-utils/issues/213
CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...)
NOT-FOR-US: karma-runner grunt-karma
CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...)
- NOT-FOR-US: loader-utils
+ - node-loader-utils 2.0.3-1
+ NOTE: https://github.com/webpack/loader-utils/issues/212
+ NOTE: https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c (v2.0.3)
CVE-2022-37600
RESERVED
CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...)
- NOT-FOR-US: loader-utils
+ - node-loader-utils <unfixed>
+ NOTE: https://github.com/webpack/loader-utils/issues/211
CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in ast.js in mis ...)
- uglify-js <unfixed> (unimportant)
- uglifyjs <removed> (unimportant)
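Review bot: The two ReDoS entries, CVE-2022-37603 and CVE-2022-37599, are switched from NOT-FOR-US to `- node-loader-utils <unfixed>` with only an upstream issue link each (issues 213 and 211), while the CVE-2022-37601 entry in the same hunk records the issue, the fixing commit and the upstream version (v2.0.3). Since all three entries now point at the same source package and 2.0.3-1 is given as the fixed version for CVE-2022-37601, it would help to add a NOTE on each ReDoS entry saying whether 2.0.3 was checked and still contains the affected regular expression, so the `<unfixed>` status is clearly a finding rather than a default. When upstream lands fixes, add the commit URL with its version in parentheses in the same form used for CVE-2022-37601, so the entries can be moved to a fixed version without re-reading the issues.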
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/023a0626fb934a8b7a2093939b6bd07503469167...1e284f7425b9ac6ec8e88447c2ad33042866931a