[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-3805/node-object-path: fix wrong patch URL from mitre

Sylvain Beucler (@beuc) beuc at debian.org
Fri Nov 11 11:09:12 GMT 2022 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3be1e72c by Sylvain Beucler at 2022-11-11T11:40:45+01:00
CVE-2021-3805/node-object-path: fix wrong patch URL from mitre

- - - - -
ed88d9e4 by Sylvain Beucler at 2022-11-11T11:47:49+01:00
CVE-2021-23440/node-set-value: fix wrong patch URL from mitre

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85758,7 +85758,7 @@ CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification o
 	[buster] - node-object-path <no-dsa> (Minor issue)
 	[stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
-	NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
+	NOTE: https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884 (v0.11.8)
 CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
 	- shiro <unfixed> (bug #1014819)
 	[bullseye] - shiro <no-dsa> (Minor issue)
@@ -130851,7 +130851,7 @@ CVE-2021-23440 (This affects the package set-value before <2.0.1, >=3.0.0
 	[bullseye] - node-set-value 3.0.1-2+deb11u1
 	[buster] - node-set-value <no-dsa> (Minor issue)
 	[stretch] - node-set-value <end-of-life> (Nodejs in stretch not covered by security support)
-	NOTE: https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 (v4.0.1)
+	NOTE: https://github.com/jonschlinkert/set-value/commit/b057b1b8cf986746b27a145629d593c6bb4ab7c4 (v4.0.1)
 	NOTE: https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a
 	NOTE: https://github.com/jonschlinkert/set-value/pull/33
 CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. A file ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f8ef1b71af7c159c5a39d9672fcbbcc79ed8fc93...ed88d9e44bbe54b8b4497a912af00a1d1acab7c6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f8ef1b71af7c159c5a39d9672fcbbcc79ed8fc93...ed88d9e44bbe54b8b4497a912af00a1d1acab7c6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221111/5572fcd3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list