[Git][security-tracker-team/security-tracker][master] Add CVE-2022-25927/node-ua-parser-js
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 24 07:58:19 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3ffcdea by Salvatore Bonaccorso at 2023-02-24T08:57:22+01:00
Add CVE-2022-25927/node-ua-parser-js
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -78948,7 +78948,11 @@ CVE-2022-25929 (The package smoothie from 1.31.0 and before 1.36.1 are vulnerabl
CVE-2022-25928
RESERVED
CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
- TODO: check
+ - node-ua-parser-js <unfixed>
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
+ NOTE: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
+ TODO: check, the ReDoS issue seems still present in 0.8.1+ds+~0.7.36-2 altough this is said to contain the fix
CVE-2022-25926 (Versions of the package window-control before 1.4.5 are vulnerable to ...)
NOT-FOR-US: Node window-control
CVE-2022-25925
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ffcdea0ecbf11fba72452aa417647675458ef1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ffcdea0ecbf11fba72452aa417647675458ef1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230224/e137b38a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list