[Git][security-tracker-team/security-tracker][master] Track proposed fixes for node-dompurify via bookworm-pu
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 2 08:03:28 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0741bcd8 by Salvatore Bonaccorso at 2024-11-02T09:00:11+01:00
Track proposed fixes for node-dompurify via bookworm-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -545,6 +545,7 @@ CVE-2024-49674 (Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser E
NOT-FOR-US: WordPress plugin
CVE-2024-48910 (DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...)
- node-dompurify 3.0.9+dfsg+~3.0.5-1
+ [bookworm] - node-dompurify <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
NOTE: https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc (2.4.2)
CVE-2024-48360 (Qualitor v8.24 was discovered to contain a Server-Side Request Forgery ...)
=====================================
data/next-point-update.txt
=====================================
@@ -134,3 +134,7 @@ CVE-2024-8096
[bookworm] - curl 7.88.1-10+deb12u8
CVE-2024-7409
[bookworm] - qemu 1:7.2+dfsg-7+deb12u8
+CVE-2024-45801
+ [bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
+CVE-2024-48910
+ [bookworm] - node-dompurify 2.4.1+dfsg+~2.4.0-2+deb12u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0741bcd8e249617a586ee5f38e78dbf775559e42
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0741bcd8e249617a586ee5f38e78dbf775559e42
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241102/efe73c9f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list