[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-59464

Thu Jan 15 20:08:27 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d5bfa78 by Salvatore Bonaccorso at 2026-01-15T21:06:19+01:00
Update status for CVE-2025-59464

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -755,7 +755,7 @@ CVE-2026-21636 [Node.js permission model bypass via unchecked Unix Domain Socket
 	- nodejs <not-affected> (Only affects Node.js v25)
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-permission-model-bypass-via-unchecked-unix-domain-socket-connections-uds-cve-2026-21636---medium
 CVE-2025-59464 [Memory leak that enables remote Denial of Service against applications processing TLS client certificates]
-	- nodejs <unfixed>
+	- nodejs <not-affected> (Only affects Node.js v24 releases and fixed in v24.12.0)
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#memory-leak-that-enables-remote-denial-of-service-against-applications-processing-tls-client-certificates-cve-2025-59464---medium
 CVE-2025-59466 [Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers]
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d5bfa782af22ef812b1bb8593a80c447de7d436

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d5bfa782af22ef812b1bb8593a80c447de7d436
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260115/8a9dae69/attachment-0001.htm>
