[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2024-4068/node-braces

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 22 21:25:54 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ceeb6abf by Salvatore Bonaccorso at 2024-05-22T22:24:10+02:00
Reference fix for CVE-2024-4068/node-braces

Note this is in upstream 3.0.3. Checking 3.0.3+~3.0.4-1 though the code
is not included. What is 3.0.3+~3.0.4 referring to? This needs
double-checking to see if the issue was fixed in the last upload to
unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6063,6 +6063,7 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit
 	[bullseye] - node-braces <no-dsa> (Minor issue)
 	[buster] - node-braces <postponed> (Minor issue)
 	NOTE: https://github.com/micromatch/braces/issues/35
+	NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3)
 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
 	- node-micromatch <unfixed> (bug #1071631)
 	[bookworm] - node-micromatch <no-dsa> (Minor issue)
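
Review bot: The added "Fixed by:" NOTE under CVE-2024-4068 records the upstream commit and the 3.0.3 release, but the open question from the commit message (whether the 3.0.3+~3.0.4-1 upload actually contains that commit) is not captured anywhere in data/CVE/list. Consider adding a follow-up NOTE line next to it stating that the unstable version still needs verification against the referenced commit, so the pending check is visible in the tracker data and not only in the commit history. The visible context shows only the bullseye and buster lines for node-braces, so the status of the unstable entry cannot be confirmed from this hunk.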



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceeb6abf3bc08c2c81e86de151967575d3014f5a
