[Git][security-tracker-team/security-tracker][master] Update status for two node-tmp issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 12 12:44:32 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39a7b9c9 by Salvatore Bonaccorso at 2026-06-12T13:44:07+02:00
Update status for two node-tmp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -348,7 +348,7 @@ CVE-2026-4764 (A Missing Authorization vulnerability in the playbook import func
 CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injec ...)
 	NOT-FOR-US: IBM
 CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In version  ...)
-	- node-tmp <unfixed>
+	- node-tmp <not-affected> (Fix for CVE-2026-44705 not applied)
 	NOTE: https://github.com/raszi/node-tmp/security/advisories/GHSA-7c78-jf6q-g5cm
 	NOTE: Fixed by: https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153 (v0.2.7)
 CVE-2026-49219 (ImageMagick is free and open-source software used for editing and mani ...)
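Review bot: The `<not-affected>` reason on the CVE-2026-49982 line ("Fix for CVE-2026-44705 not applied") leaves the dependency between the two entries implicit, so this status becomes stale as soon as node-tmp picks up the CVE-2026-44705 fix. If the v0.2.6 commit listed under CVE-2026-44705 is what introduces the issue, recording it here as a `NOTE: Introduced by:` line next to the existing `NOTE: Fixed by:` would make it clear when this entry has to be re-evaluated.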
@@ -491,7 +491,10 @@ CVE-2026-45176 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 ex
 CVE-2026-45106 (Weblate is a web based localization tool. Prior to version 2026.5, Web ...)
 	- weblate <itp> (bug #745661)
 CVE-2026-44705 (tmp is a temporary file and directory creator for node.js. Prior to 0. ...)
-	TODO: check
+	- node-tmp <unfixed>
+	NOTE: https://github.com/raszi/node-tmp/security/advisories/GHSA-ph9p-34f9-6g65
+	NOTE: Fixed by: https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429 (v0.2.6)
+	NOTE: When fixing this issue make sure to fix it completely to not open up CVE-2026-49982
 CVE-2026-44693 (Pi-hole FTL is the core engine of the Pi-hole network-level advertisem ...)
 	NOT-FOR-US: Pi-hole FTL
 CVE-2026-44692 (Sharp is a content management framework built for Laravel as a package ...)
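Review bot: The last added NOTE under CVE-2026-44705 warns against an incomplete fix but does not say which change completes it. Naming the follow-up commit already recorded under CVE-2026-49982 (8f24f788a356b5d45c9bec894632bd4931338153, v0.2.7) in that NOTE would tell whoever backports efa4a06f24374797ae32ab2b6ae39b7a611ae429 exactly what to take with it, without having to look up the other entry.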



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39a7b9c949693177faacbe49c9259a42a15fca88
