[Git][security-tracker-team/security-tracker][master] Reserve DLA-3299-1 for node-qs
Guilhem Moulin (@guilhem)
guilhem at debian.org
Mon Jan 30 21:56:46 GMT 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4119f7e0 by Guilhem Moulin at 2023-01-30T22:56:02+01:00
Reserve DLA-3299-1 for node-qs
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -76721,7 +76721,6 @@ CVE-2022-25000
CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other products, ...)
- node-qs 6.10.3+ds+~6.9.7-1
[bullseye] - node-qs 6.9.4+ds-1+deb11u1
- [buster] - node-qs <no-dsa> (Minor issue)
NOTE: https://github.com/ljharb/qs/pull/428
NOTE: https://github.com/n8tz/CVE-2022-24999
CVE-2022-24998
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2023] DLA-3299-1 node-qs - security update
+ {CVE-2022-24999}
+ [buster] - node-qs 6.5.2-1+deb10u1
[31 Jan 2023] DLA-3298-1 ruby-rack - security update
{CVE-2020-8161 CVE-2020-8184 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572}
[buster] - ruby-rack 2.0.6-3+deb10u2
=====================================
data/dla-needed.txt
=====================================
@@ -174,10 +174,6 @@ node-nth-check
NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
--
-node-qs (guilhem)
- NOTE: 20230105: Programming language: JavaScript.
- NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
---
node-url-parse (guilhem)
NOTE: 20221111: Programming language: JavaScript.
NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4119f7e0c7f62d340240bb5fc234da608509800e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4119f7e0c7f62d340240bb5fc234da608509800e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230130/99552063/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list