[Git][security-tracker-team/security-tracker][master] Reserve DLA-3383-1 for grunt
Chris Lamb (@lamby)
lamby at debian.org
Wed Apr 5 18:07:01 BST 2023
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e36a2bd6 by Chris Lamb at 2023-04-05T18:06:31+01:00
Reserve DLA-3383-1 for grunt
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -76661,7 +76661,6 @@ CVE-2022-1538
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
- grunt 1.5.3-1
[bullseye] - grunt <no-dsa> (Minor issue)
- [buster] - grunt <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
NOTE: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3)
CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...)
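Review bot: With the `[buster] - grunt <no-dsa> (Minor issue)` line removed, the CVE-2022-1537 entry still leaves `[bullseye] - grunt <no-dsa> (Minor issue)` in place, so buster receives a fix while the newer release stays marked as unfixed. If that is intended, a NOTE on the bullseye line pointing at a planned point-release update would make the asymmetry explicit. Otherwise a bullseye upload should be coordinated so that upgrading from buster does not drop the fix.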
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Apr 2023] DLA-3383-1 grunt - security update
+ {CVE-2022-1537}
+ [buster] - grunt 1.0.1-8+deb10u2
[05 Apr 2023] DLA-3382-1 openimageio - security update
{CVE-2022-36354 CVE-2022-41639 CVE-2022-41838 CVE-2022-41977 CVE-2022-41981 CVE-2022-41988 CVE-2022-41999 CVE-2022-43592 CVE-2022-43593 CVE-2022-43594 CVE-2022-43595 CVE-2022-43596 CVE-2022-43597 CVE-2022-43598 CVE-2022-43599 CVE-2022-43600 CVE-2022-43601 CVE-2022-43602 CVE-2022-43603}
[buster] - openimageio 2.0.5~dfsg0-1+deb10u1
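Review bot: The fixed version on the `[buster] - grunt 1.0.1-8+deb10u2` line is recorded at reservation time, in the same commit that drops the buster `<no-dsa>` marker from data/CVE/list, so buster is treated as fixed in that version from this commit onward. Please confirm that the upload carries exactly `1.0.1-8+deb10u2`, and correct this line if the version changes before the upload.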
=====================================
data/dla-needed.txt
=====================================
@@ -102,10 +102,6 @@ golang-yaml.v2
NOTE: 20230125: VCS: https://salsa.debian.org/lts-team/packages/golang-yaml.v2.git
NOTE: 20230125: Special attention: limited support; requires rebuilding reverse build dependencies (though recent bullseye updates didn't).
--
-grunt (Chris Lamb)
- NOTE: 20230404: Programming language: JavaScript.
- NOTE: 20220528: CVE-2022-0436 fixed in all other dists (Debian 11.4, ELA-672-1 for stretch) (Beuc/front-desk)
---
hdf5
NOTE: 20230318: Programming language: C.
NOTE: 20230318: VCS: https://salsa.debian.org/lts-team/packages/hdf5.git
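Review bot: The removed NOTE line dated 20220528 names CVE-2022-0436 as the issue already fixed in all other dists, yet the rest of this commit only touches CVE-2022-1537: the new DLA entry lists `{CVE-2022-1537}` alone and data/CVE/list is changed only under that CVE. If the buster upload also fixes CVE-2022-0436, it should be added to the DLA-3383-1 CVE list. If it does not, the grunt entry should stay in dla-needed.txt with an updated NOTE rather than being removed.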
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e36a2bd67ca7d8ef7bc6480e0d1c8517b17c2986