[Git][security-tracker-team/security-tracker][master] Update versions referenced for node-sanitize-html commits

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 9 20:05:53 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a46f4c1 by Salvatore Bonaccorso at 2025-09-09T21:05:42+02:00
Update versions referenced for node-sanitize-html commits

Back then the code apparently did not tag the version but the followup
fix was in a 1.0.3 released version, and the first attempt in 1.0.2.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -224,8 +224,8 @@ CVE-2019-25225 (`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cro
 CVE-2014-125128 ('sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scr ...)
 	- node-sanitize-html <not-affected> (Fixed before initial upload to the archive)
 	NOTE: https://github.com/apostrophecms/sanitize-html/issues/1
-	NOTE: https://github.com/apostrophecms/sanitize-html/commit/889d4ec968e175f1905b2eb9d33f1fa89217cb02 (1.10.1)
-	NOTE: https://github.com/apostrophecms/sanitize-html/commit/423b90e06e1e85245eccedaabeb3a82840c6cd86 (1.10.1)
+	NOTE: https://github.com/apostrophecms/sanitize-html/commit/889d4ec968e175f1905b2eb9d33f1fa89217cb02 (1.0.2)
+	NOTE: https://github.com/apostrophecms/sanitize-html/commit/423b90e06e1e85245eccedaabeb3a82840c6cd86 (1.0.3)
 CVE-2025-40930 (JSON::SIMD before version 1.07 and earlier for Perl has an integer buf ...)
 	NOT-FOR-US: JSON::SIMD Perl module
 CVE-2025-40929 (Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer ov ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a46f4c156d8fdb30448a4ef16bb9631c86fecd1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a46f4c156d8fdb30448a4ef16bb9631c86fecd1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250909/c5038499/attachment.htm>

More information about the debian-security-tracker-commits mailing list