[Git][security-tracker-team/security-tracker][master] Add Debian bug references for node-pbkdf2 issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 24 19:52:30 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4522239b by Salvatore Bonaccorso at 2025-06-24T20:52:19+02:00
Add Debian bug references for node-pbkdf2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -186,11 +186,11 @@ CVE-2024-56731 (Gogs is an open source self-hosted Git service. Prior to version
CVE-2025-2828 (A Server-Side Request Forgery (SSRF) vulnerability exists in the Reque ...)
NOT-FOR-US: langchain-community
CVE-2025-6547 (Improper Input Validation vulnerability in pbkdf2 allows Signature Spo ...)
- - node-pbkdf2 <unfixed>
+ - node-pbkdf2 <unfixed> (bug #1108282)
NOTE: https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59
NOTE: Fixed by: https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb (v3.1.3)
CVE-2025-6545 (Improper Input Validation vulnerability in pbkdf2 allows Signature Spo ...)
- - node-pbkdf2 <unfixed>
+ - node-pbkdf2 <unfixed> (bug #1108283)
NOTE: https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6
NOTE: Introduced by: https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078 (v3.0.10)
NOTE: Fixed by: https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb (v3.1.3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4522239b58ad470bb966769002b4156e5217c07b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4522239b58ad470bb966769002b4156e5217c07b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250624/db5f84c2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list