[Git][security-tracker-team/security-tracker][master] Reserve DLA-3260-1 for node-xmldom

Sun Jan 1 16:49:57 GMT 2023


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffcb381a by Guilhem Moulin at 2023-01-01T17:49:36+01:00
Reserve DLA-3260-1 for node-xmldom

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -149005,7 +149005,6 @@ CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0
 	NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS
 CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core)  ...)
 	- node-xmldom 0.5.0-1
-	[buster] - node-xmldom <no-dsa> (Minor issue)
 	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
 	NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
 CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered that re ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Jan 2023] DLA-3260-1 node-xmldom - security update
+	{CVE-2021-21366 CVE-2022-39353}
+	[buster] - node-xmldom 0.1.27+ds-1+deb10u2
 [31 Dec 2022] DLA-3259-1 libjettison-java - security update
 	{CVE-2022-40150 CVE-2022-45685 CVE-2022-45693}
 	[buster] - libjettison-java 1.5.3-1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -192,11 +192,6 @@ node-url-parse
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk)
 --
-node-xmldom (guilhem)
-  NOTE: 20221130: Programming language: JavaScript.
-  NOTE: 20221130: VCS: https://salsa.debian.org/lts-team/packages/node-xmldom.git
-  NOTE: 20221130: https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883 (gladk).
---
 nodejs
   NOTE: 20221105: Programming language: Javascript, C/C++, Python
   NOTE: 20221105: VCS: https://salsa.debian.org/lts-team/packages/nodejs.git



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffcb381a16569b050c98493884f1e8755f602c09

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffcb381a16569b050c98493884f1e8755f602c09
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230101/50e45288/attachment-0001.htm>
