[Git][security-tracker-team/security-tracker][master] CVE-2023-43646/node-get-func-name, CVE-2023-44270/node-postcss: buster postponed

Sylvain Beucler (@beuc) beuc at debian.org
Thu Oct 5 17:40:22 BST 2023 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d845a1b by Sylvain Beucler at 2023-10-05T18:39:55+02:00
CVE-2023-43646/node-get-func-name, CVE-2023-44270/node-postcss: buster postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -744,6 +744,7 @@ CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. It affects lin
 	- node-postcss <unfixed> (bug #1053282)
 	[bookworm] - node-postcss <no-dsa> (Minor issue)
 	[bullseye] - node-postcss <no-dsa> (Minor issue)
+	[buster] - node-postcss <postponed> (Minor issue)
 	NOTE: https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 (8.4.31)
 CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
 	NOT-FOR-US: Os Commerce
@@ -1670,6 +1671,7 @@ CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely
 	- node-get-func-name <unfixed> (bug #1053262)
 	[bookworm] - node-get-func-name <no-dsa> (Minor issue)
 	[bullseye] - node-get-func-name <no-dsa> (Minor issue)
+	[buster] - node-get-func-name <postponed> (Minor issue, ReDoS)
 	NOTE: https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5
 	NOTE: https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69 (v2.0.1)
 CVE-2023-43614 (Cross-site scripting vulnerability in Order Data Edit page of Welcart  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d845a1b42b90d6f3d9bbe3b775ec47484fc5a5d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d845a1b42b90d6f3d9bbe3b775ec47484fc5a5d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231005/f30271cd/attachment.htm>

More information about the debian-security-tracker-commits mailing list