[Git][security-tracker-team/security-tracker][master] CVE-2021-32921 marked as no-dsa for buster since the impact is low. Upstream...

[Ola Lundqvist (@opal)]

Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b38954ed by Ola Lundqvist at 2023-04-23T14:21:52+02:00
CVE-2021-32921 marked as no-dsa for buster since the impact is low. Upstream has considered the impact too low to fix it.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145261,7 +145261,9 @@ CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handle
 	NOT-FOR-US: Node hbs
 CVE-2021-32821 (MooTools is a collection of JavaScript utilities for JavaScript develo ...)
 	- mootools <unfixed> (bug #1032664)
+	[buster] - mootools <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/
+	NOTE: No plan to fix this upstream as upstream consider it too low impact.
 CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
 	NOT-FOR-US: Express-handlebars
 CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b38954ed66c990145a046c236ca3e3789354746e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b38954ed66c990145a046c236ca3e3789354746e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230423/b483509e/attachment.htm>