[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2024-29415/node-ip as postponed on buster
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Fri May 31 08:23:20 BST 2024
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34fd4dc9 by Emilio Pozuelo Monfort at 2024-05-31T09:18:00+02:00
Mark CVE-2024-29415/node-ip as postponed on buster
- - - - -
22bd0d06 by Emilio Pozuelo Monfort at 2024-05-31T09:22:31+02:00
yyjson has been uploaded to Debian
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -980,6 +980,7 @@ CVE-2024-29415 (The ip package through 2.0.1 for Node.js might allow SSRF becaus
- node-ip <unfixed> (bug #1072121)
[bookworm] - node-ip <no-dsa> (Minor issue)
[bullseye] - node-ip <no-dsa> (Minor issue)
+ [buster] - node-ip <postponed> (Minor issue)
NOTE: https://github.com/indutny/node-ip/issues/150
NOTE: https://github.com/indutny/node-ip/pull/144
NOTE: https://github.com/indutny/node-ip/pull/143
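Review bot: the added `[buster] - node-ip <postponed> (Minor issue)` line does not say what the postponement is waiting on; its reason text is identical to the `<no-dsa>` entries for bookworm and bullseye directly above it. The unstable entry is still `<unfixed>` and the only references are the upstream issue and two pull requests, so a description such as `(Minor issue, revisit when fixed upstream)` would tell whoever triages buster later when to pick this up again.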
@@ -35981,7 +35982,8 @@ CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a s
[bullseye] - rhonabwy <no-dsa> (Minor issue)
NOTE: https://github.com/babelouest/rhonabwy/commit/f9fd9a1c77e48b514ebb3baf0360f87eef3d846e
CVE-2024-25713 (yyjson through 0.8.0 has a double free, leading to remote code executi ...)
- - yyjson <itp> (bug #972804)
+ - yyjson <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh
CVE-2024-25712 (http-swagger before 1.2.6 allows XSS via PUT requests, because a file ...)
NOT-FOR-US: http-swagger
CVE-2024-23724 (Ghost through 5.76.0 allows stored XSS, and resultant privilege escala ...)
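Review bot: the replacement line `- yyjson <not-affected> (Fixed before initial upload to Debian)` records no version, so the claim cannot be checked from this file. The CVE description says "through 0.8.0", but the entry names neither the upstream release or commit that fixed the double free nor the version first uploaded to Debian. Consider adding a NOTE with the fixed upstream version or commit next to the GHSA link.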
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/755361b2674067ab3147e7f36d93ee7f24d93421...22bd0d06d14b7ce582d7c916896011e8df8e870a