[Git][security-tracker-team/security-tracker][master] Add CVE-2024-3026{0,1}/node-undici
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 4 21:40:55 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d59b610b by Salvatore Bonaccorso at 2024-04-04T22:40:24+02:00
Add CVE-2024-3026{0,1}/node-undici
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,9 +24,16 @@ CVE-2024-30266 (wasmtime is a runtime for WebAssembly. The 19.0.0 release of Was
CVE-2024-30263 (macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. ...)
NOT-FOR-US: PDF Viewer Macro for XWiki
CVE-2024-30261 (Undici is an HTTP/1.1 client, written from scratch for Node.js. An att ...)
- TODO: check
+ - node-undici <unfixed>
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672
+ NOTE: https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055 (v5.28.4)
+ NOTE: https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3 (v6.11.1)
+ NOTE: https://hackerone.com/reports/2377760
CVE-2024-30260 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici ...)
- TODO: check
+ - node-undici <unfixed>
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7
+ NOTE: https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f (v5.28.4)
+ NOTE: https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75 (v6.11.1)
CVE-2024-30254 (MesonLSP is an unofficial, unendorsed language server for meson writte ...)
TODO: check
CVE-2024-30252 (Livemarks is a browser extension that provides RSS feed bookmark folde ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59b610bda05567b7328dc0d71b5ac12bd8b196f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59b610bda05567b7328dc0d71b5ac12bd8b196f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240404/e8d4bc2e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list