[Git][security-tracker-team/security-tracker][master] Reserve DLA-3299-1 for node-qs

Guilhem Moulin (@guilhem) guilhem at debian.org
Mon Jan 30 21:56:46 GMT 2023



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4119f7e0 by Guilhem Moulin at 2023-01-30T22:56:02+01:00
Reserve DLA-3299-1 for node-qs

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -76721,7 +76721,6 @@ CVE-2022-25000
 CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other products, ...)
 	- node-qs 6.10.3+ds+~6.9.7-1
 	[bullseye] - node-qs 6.9.4+ds-1+deb11u1
-	[buster] - node-qs <no-dsa> (Minor issue)
 	NOTE: https://github.com/ljharb/qs/pull/428
 	NOTE: https://github.com/n8tz/CVE-2022-24999
 CVE-2022-24998


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Jan 2023] DLA-3299-1 node-qs - security update
+	{CVE-2022-24999}
+	[buster] - node-qs 6.5.2-1+deb10u1
 [31 Jan 2023] DLA-3298-1 ruby-rack - security update
 	{CVE-2020-8161 CVE-2020-8184 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572}
 	[buster] - ruby-rack 2.0.6-3+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -174,10 +174,6 @@ node-nth-check
   NOTE: 20221111: Follow fixes from bullseye 11.3 (Beuc/front-desk)
   NOTE: 20221223: Module has been rewritten in Typescript since Buster released (lamby).
 --
-node-qs (guilhem)
-  NOTE: 20230105: Programming language: JavaScript.
-  NOTE: 20230105: Follow fixes from bullseye 11.6 (Beuc/front-desk)
---
 node-url-parse (guilhem)
   NOTE: 20221111: Programming language: JavaScript.
   NOTE: 20221111: Follow fixes from bullseye 11.4 + check postponed issues (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4119f7e0c7f62d340240bb5fc234da608509800e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4119f7e0c7f62d340240bb5fc234da608509800e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230130/99552063/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list