[Git][security-tracker-team/security-tracker][master] Mark CVE-2023-23919/nodejs as not-affected for buster.
Guilhem Moulin (@guilhem)
guilhem at debian.org
Sat Feb 25 20:49:49 GMT 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e00fb79 by Guilhem Moulin at 2023-02-25T21:40:19+01:00
Mark CVE-2023-23919/nodejs as not-affected for buster.
And add reference to the disclosure report, where (unlike the CVE text)
upstream claims v14 is unaffected. (The latest release of the v14.x
LTS branch, namely v14.21.3, makes no mention of CVE-2023-23919 either.)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7339,7 +7339,9 @@ CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. <19
NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1
CVE-2023-23919 (A cryptographic vulnerability exists in Node.js <19.2.0, <18.14. ...)
- nodejs <unfixed> (bug #1031834)
+ [buster] - nodejs <not-affected> (X509Certificate API introduced in v15.6.0)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919
+ NOTE: https://hackerone.com/reports/1808596
NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js <19.6.1, < ...)
- nodejs <unfixed> (bug #1031834)
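Review bot: The added "NOTE: https://hackerone.com/reports/1808596" line does not say what the report is cited for, so the reason for the [buster] <not-affected> entry cannot be checked from data/CVE/list alone. The commit message explains that upstream claims v14 is unaffected in that report, unlike the CVE text (which reads "<19.2.0, <18.14. ..."). Consider a short annotation next to that NOTE stating that upstream's claim is found there, so that a later reader who sees the CVE description disagree with the not-affected marking knows which reference settles it. The parenthetical on the [buster] line gives only the version in which the X509Certificate API was introduced (v15.6.0). It would also help to make explicit that the buster package predates that version.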
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e00fb795632cb049452c0db63cdf3939cac5d2b