[Git][security-tracker-team/security-tracker][master] nodejs fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Feb 18 18:44:28 GMT 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b68159f by Moritz Muehlenhoff at 2024-02-18T19:44:05+01:00
nodejs fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -136,7 +136,7 @@ CVE-2024-21891
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
CVE-2023-46809
- - nodejs <unfixed> (bug #1064055)
+ - nodejs 18.19.1+dfsg-1 (bug #1064055)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#nodejs-is-vulnerable-to-the-marvin-attack-timing-variant-of-the-bleichenbacher-attack-against-pkcs1-v15-padding-cve-2023-46809---medium
CVE-2024-22017
[experimental] - nodejs <unfixed>
@@ -147,10 +147,10 @@ CVE-2024-21896
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
CVE-2024-22019
- - nodejs <unfixed> (bug #1064055)
+ - nodejs 18.19.1+dfsg-1 (bug #1064055)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#reading-unprocessed-http-request-with-unbounded-chunk-extension-allows-dos-attacks-cve-2024-22019---high
CVE-2024-21892
- - nodejs <unfixed> (bug #1064055)
+ - nodejs 18.19.1+dfsg-1 (bug #1064055)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#code-injection-and-privilege-escalation-through-linux-capabilities-cve-2024-21892---high
CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...)
NOT-FOR-US: flusity CMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b68159fbf899977e3d3c9b00609110dad5a9aed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b68159fbf899977e3d3c9b00609110dad5a9aed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240218/498c265d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list