[Git][security-tracker-team/security-tracker][master] node-node-forge: proposed for EOL

[Sylvain Beucler (@beuc)]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13c257cc by Sylvain Beucler at 2026-01-02T22:01:05+01:00
node-node-forge: proposed for EOL

https://salsa.debian.org/debian/debian-security-support/-/merge_requests/54

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16953,12 +16953,12 @@ CVE-2025-66035 (Angular is a development platform for building mobile and deskto
 	TODO: check, might not affect 1.x versions of Angular, code is significantly diverging
 CVE-2025-66031 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
 	- node-node-forge <removed>
-	[bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies)
+	[bullseye] - node-node-forge <postponed> (Minor issue, proposed for EOL)
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27
 	NOTE: https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451 (v1.3.2)
 CVE-2025-66030 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
 	- node-node-forge <removed>
-	[bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies)
+	[bullseye] - node-node-forge <postponed> (Minor issue, proposed for EOL)
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g
 	NOTE: https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb (v1.3.2)
 CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command inje ...)
@@ -17489,7 +17489,7 @@ CVE-2025-13467 (A flaw was found in the Keycloak LDAP User Federation provider.
 	- keycloak <itp> (bug #1088287)
 CVE-2025-12816 (An interpretation-conflict (CWE-436) vulnerability in node-forge versi ...)
 	- node-node-forge <removed>
-	[bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies)
+	[bullseye] - node-node-forge <postponed> (Minor issue, proposed for EOL)
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
 	NOTE: Fixed by: https://github.com/digitalbazaar/forge/commit/a05dd812ec2de46ece35a11ab4b46c9d283d1505 (v1.3.2)
 	NOTE: https://github.com/digitalbazaar/forge/blob/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd/tests/security/cve-2025-12816.js (Tests added)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c257ccb3ad3082ea1477196cd174ca1f3eb608

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13c257ccb3ad3082ea1477196cd174ca1f3eb608
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/6eb3d5dd/attachment.htm>