[Git][security-tracker-team/security-tracker][master] Reserve DLA-3271-1 for node-minimatch

Guilhem Moulin (@guilhem) guilhem at debian.org
Sun Jan 15 15:20:57 GMT 2023 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f8b040c by Guilhem Moulin at 2023-01-15T16:20:33+01:00
Reserve DLA-3271-1 for node-minimatch

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23083,7 +23083,6 @@ CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally onl
 CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...)
 	- node-minimatch 3.0.5+~3.0.5-1
 	[bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1
-	[buster] - node-minimatch <no-dsa> (Minor issue)
 	NOTE: https://github.com/grafana/grafana-image-renderer/issues/329
 	NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5)
 	NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[15 Jan 2023] DLA-3271-1 node-minimatch - security update
+	{CVE-2022-3517}
+	[buster] - node-minimatch 3.0.4-3+deb10u1
 [15 Jan 2023] DLA-3270-1 net-snmp - security update
 	{CVE-2022-44792 CVE-2022-44793}
 	[buster] - net-snmp 5.7.3+dfsg-5+deb10u4


=====================================
data/dla-needed.txt
=====================================
@@ -180,10 +180,6 @@ node-got
   NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
 --
-node-minimatch (guilhem)
-  NOTE: 20230105: Programming language: JavaScript.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
---
 node-moment (Utkarsh)
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f8b040c54c03454f6df15f9c3d726336bb43ad9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f8b040c54c03454f6df15f9c3d726336bb43ad9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230115/4cbf11fd/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list