[Git][security-tracker-team/security-tracker][master] Triage CVE-2026-41907 & CVE-2026-41988 in node-uuid for bullseye LTS.

Chris Lamb (@lamby) lamby at debian.org
Thu Apr 30 13:15:55 BST 2026 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58c8cf3d by Chris Lamb at 2026-04-30T05:15:40-07:00
Triage CVE-2026-41907 & CVE-2026-41988 in node-uuid for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1941,6 +1941,7 @@ CVE-2026-41907 (uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Pr
 	- node-uuid 14.0.0+~11.0.0-1
 	[trixie] - node-uuid <no-dsa> (Minor issue)
 	[bookworm] - node-uuid <no-dsa> (Minor issue)
+	[bullseye] - node-uuid <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq
 	NOTE: Fixed by: https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34 (v14.0.0)
 	NOTE: Duplicate with CVE-2026-41988 (CNA contacted)
@@ -3136,6 +3137,7 @@ CVE-2026-41988 (uuid before 14.0.0 can make unexpected writes when external outp
 	- node-uuid 14.0.0+~11.0.0-1
 	[trixie] - node-uuid <no-dsa> (Minor issue)
 	[bookworm] - node-uuid <no-dsa> (Minor issue)
+	[bullseye] - node-uuid <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq
 	NOTE: Fixed by: https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34 (v14.0.0)
 CVE-2026-41679 (Paperclip is a Node.js server and React UI that orchestrates a team of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58c8cf3d417493cd7c0817572f889444efe84d67

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58c8cf3d417493cd7c0817572f889444efe84d67
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260430/47192ab4/attachment.htm>

More information about the debian-security-tracker-commits mailing list