[Git][security-tracker-team/security-tracker][master] one nodejs issue ignored for bullseye
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Dec 25 18:43:04 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dcdba6bd by Moritz Muehlenhoff at 2023-12-25T19:42:30+01:00
one nodejs issue ignored for bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -36163,6 +36163,7 @@ CVE-2023-30590 (The generateKeys() API function returned from crypto.createDiffi
NOTE: Fixed by: https://github.com/nodejs/node/commit/1a5c9284ebce5cd71cf7a3c29759a748c373ac85 (v16.x)
CVE-2023-30589 (The llhttp parser in the http module in Node v20.2.0 does not strictly ...)
- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
+ [bullseye] - nodejs <no-dsa> (Minor issue, too intrusive to backport)
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
- llhttp <itp> (bug #977716)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#http-request-smuggling-via-empty-headers-separated-by-cr-medium-cve-2023-30589
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcdba6bd33228550f0f67068a4ff69b986908357
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcdba6bd33228550f0f67068a4ff69b986908357
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/015ac050/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list