[Git][security-tracker-team/security-tracker][master] nanoid is bundled in node-postcss
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 10 10:53:31 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c6f0f653 by Moritz Muehlenhoff at 2024-12-10T11:53:10+01:00
nanoid is bundled in node-postcss
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -437,7 +437,8 @@ CVE-2024-55566 (ColPack 1.0.10 through 9a7293a has a predictable temporary file
- colpack <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1225617
CVE-2024-55565 (nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 ...)
- NOT-FOR-US: nanoid
+ - node-postcss <unfixed>
+ NOTE: node-postcss bundles nanoid
CVE-2024-55564 (The POSIX::2008 package before 0.24 for Perl has a potential _execve50 ...)
- libposix-2008-perl 0.24-1
CVE-2024-55563 (Bitcoin Core through 27.2 allows transaction-relay jamming via an off- ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6f0f653d63f27d8e6734f849e8e24e8597845c7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6f0f653d63f27d8e6734f849e8e24e8597845c7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241210/8a7a56fa/attachment.htm>
More information about the debian-security-tracker-commits
mailing list