[Git][security-tracker-team/security-tracker][master] new fast-xml-parser/node-webfont issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
137b8c46 by Moritz Muehlenhoff at 2023-06-09T11:16:31+02:00
new fast-xml-parser/node-webfont issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -466,7 +466,9 @@ CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.3
 CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...)
 	NOT-FOR-US: taosdata/grafanaplugin
 CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...)
-	TODO: check
+	- node-webfont <unfixed>
+	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
+	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c
 CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/137b8c465d00a105a5ed61db064a17a4a2ffb40f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/137b8c465d00a105a5ed61db064a17a4a2ffb40f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230609/245fa89f/attachment.htm>