[Git][security-tracker-team/security-tracker][master] Reserve DLA-3295-1 for node-moment

Mon Jan 30 21:25:11 GMT 2023


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4abda771 by Utkarsh Gupta at 2023-01-31T02:54:50+05:30
Reserve DLA-3295-1 for node-moment

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -58694,7 +58694,6 @@ CVE-2022-31130 (Grafana is an open source observability and data visualization p
 CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, manipulat ...)
 	- node-moment 2.29.4+ds-1 (bug #1014845)
 	[bullseye] - node-moment 2.29.1+ds-2+deb11u2
-	[buster] - node-moment <no-dsa> (Minor issue)
 	NOTE: https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 (2.29.4)
 	NOTE: https://github.com/moment/moment/pull/6015#issuecomment-1152961973
 	NOTE: https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
@@ -77426,7 +77425,6 @@ CVE-2022-24786 (PJSIP is a free and open source multimedia communication library
 CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, validating, manipu ...)
 	- node-moment 2.29.2+ds-1 (bug #1009327)
 	[bullseye] - node-moment 2.29.1+ds-2+deb11u1
-	[buster] - node-moment <no-dsa> (Minor issue)
 	[stretch] - node-moment <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
 	NOTE: https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 (2.29.2)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2023] DLA-3295-1 node-moment - security update
+	{CVE-2022-24785 CVE-2022-31129}
+	[buster] - node-moment 2.24.0+ds-1+deb10u1
 [30 Jan 2023] DLA-3294-1 libarchive - security update
 	{CVE-2022-36227}
 	[buster] - libarchive 3.3.3-4+deb10u3


=====================================
data/dla-needed.txt
=====================================
@@ -173,10 +173,6 @@ node-got
   NOTE: 20221111: Follow fixes from bullseye 11.4 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
 --
-node-moment
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.4 and 11.5 (Beuc/front-desk)
---
 node-nth-check
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4abda771f80df8767b1c7d160aee8cbb78f169fa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4abda771f80df8767b1c7d160aee8cbb78f169fa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230130/84a6e051/attachment-0001.htm>
