[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2024-4068/node-braces
    Salvatore Bonaccorso (@carnil) 
    carnil at debian.org
       
    Wed May 22 21:25:54 BST 2024
    
    
  
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ceeb6abf by Salvatore Bonaccorso at 2024-05-22T22:24:10+02:00
Reference fix for CVE-2024-4068/node-braces
Note this is in upstream 3.0.3. Checking 3.0.3+~3.0.4-1 though the code
is not included. What is 3.0.3+~3.0.4 referring to? This needs
double-checking to see if the issue was fixed in the last upload to
unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6063,6 +6063,7 @@ CVE-2024-4068 (The NPM package `braces`, versions prior to 3.0.3, fails to limit
 	[bullseye] - node-braces <no-dsa> (Minor issue)
 	[buster] - node-braces <postponed> (Minor issue)
 	NOTE: https://github.com/micromatch/braces/issues/35
+	NOTE: Fixed by: https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3 (3.0.3)
 CVE-2024-4067 (The NPM package `micromatch` is vulnerable to Regular Expression Denia ...)
 	- node-micromatch <unfixed> (bug #1071631)
 	[bookworm] - node-micromatch <no-dsa> (Minor issue)
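Review bot: the added `NOTE: Fixed by:` line under CVE-2024-4068 records the upstream fix as (3.0.3), but the open question from the commit message, that 3.0.3+~3.0.4-1 was checked and the code does not appear to be included, is not recorded in the entry itself. Consider adding a further NOTE line to the entry saying that the fix status of the last upload to unstable still needs double-checking, so that a reader of data/CVE/list sees the uncertainty without having to consult the commit log.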
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ceeb6abf3bc08c2c81e86de151967575d3014f5a