[Git][security-tracker-team/security-tracker][master] Reserve DLA-3154-1 for node-xmldom
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Tue Oct 18 15:59:58 BST 2022
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67279254 by Emilio Pozuelo Monfort at 2022-10-18T16:59:36+02:00
Reserve DLA-3154-1 for node-xmldom
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -14468,7 +14468,6 @@ CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in re
CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...)
- node-xmldom 0.8.3-1 (bug #1021618)
[bullseye] - node-xmldom <no-dsa> (Minor issue)
- [buster] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/issues/436
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd (0.9.0-beta.2)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Oct 2022] DLA-3154-1 node-xmldom - security update
+ {CVE-2022-37616}
+ [buster] - node-xmldom 0.1.27+ds-1+deb10u1
[17 Oct 2022] DLA-3153-1 libksba - security update
{CVE-2022-3515}
[buster] - libksba 1.3.5-2+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -117,10 +117,6 @@ netatalk
node-tar
NOTE: 20220907: Programming language: JavaScript.
--
-node-xmldom (Emilio)
- NOTE: 20221018: Programming language: JavaScript.
- NOTE: 20221018: Maintainer prepared an update.
---
openexr
NOTE: 20220904: Programming language: C++.
NOTE: 20220904: Should be synced with Stretch. (apo)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67279254ff9c40c5245d6ef1410ed7c4c9690b81
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67279254ff9c40c5245d6ef1410ed7c4c9690b81
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221018/2583598d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list