[Git][security-tracker-team/security-tracker][master] CVE-2022-33987: Mark node-got/buster has not-affected

Bastien Roucariès (@rouca) rouca at debian.org
Sat May 20 23:28:13 BST 2023 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7c42961 by Bastien Roucariès at 2023-05-20T22:26:39+00:00
CVE-2022-33987: Mark node-got/buster has not-affected

Tested not-affected here https://salsa.debian.org/js-team/node-got/-/commit/47a15e189e39c29281532131675a998e1c0a9f8e

Code throw an error.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -72648,9 +72648,10 @@ CVE-2022-33988 (dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id
 CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ...)
 	- node-got 11.8.3+~cs58.7.37-3 (bug #1013264)
 	[bullseye] - node-got 11.8.1+~cs53.13.17-3+deb11u1
-	[buster] - node-got <no-dsa> (Minor issue)
+	[buster] - node-got <not-affected> (vulnerability introduced later)
 	NOTE: https://github.com/sindresorhus/got/pull/2047
 	NOTE: Fixed by: https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc (v12.1.0)
+	NOTE: buster tested against CVE here https://salsa.debian.org/js-team/node-got/-/commit/47a15e189e39c29281532131675a998e1c0a9f8e
 CVE-2022-33986 (DMA attacks on the parameter buffer used by the VariableRuntimeDxe sof ...)
 	NOT-FOR-US: Insyde
 CVE-2022-33985 (DMA transactions which are targeted at input buffers used for the NvmE ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7c42961f7c87bc18500da6e4a106511d2a4604a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7c42961f7c87bc18500da6e4a106511d2a4604a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230520/1cff6c46/attachment.htm>

More information about the debian-security-tracker-commits mailing list