[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-34104/node-webfont

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 12 20:01:40 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
661627bb by Salvatore Bonaccorso at 2023-06-12T21:00:40+02:00
Update information for CVE-2023-34104/node-webfont

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -514,9 +514,10 @@ CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.3
 CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...)
 	NOT-FOR-US: taosdata/grafanaplugin
 CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...)
-	- node-webfont <unfixed>
+	- node-webfont <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
-	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c (v4.2.3)
+	NOTE: Introduced by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/a4bdced80369892ee413bf08e28b78795a2b0d5b (v4.1.3)
+	NOTE: Fixed by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c (v4.2.3)
 CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/661627bb76eaca4f5caf787b5aef24aa6cbe67a2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/661627bb76eaca4f5caf787b5aef24aa6cbe67a2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230612/4a493d97/attachment.htm>

More information about the debian-security-tracker-commits mailing list