[Git][security-tracker-team/security-tracker][master] Track two more CVEs as fixed in unstable upload for nodejs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 19 05:01:40 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f1723fd by Salvatore Bonaccorso at 2026-06-19T06:01:11+02:00
Track two more CVEs as fixed in unstable upload for nodejs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2026-48618
 	- nodejs 24.17.0+dfsg+~cs24.13.2-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-unicode-dot-separator-handling-can-lead-to-tls-wildcard-depth-authentication-bypass-due-to-resolver-and-verifier-hostname-normalization-mismat-cve-2026-48618---high
 CVE-2026-48933
-	- nodejs <unfixed>
+	- nodejs 24.17.0+dfsg+~cs24.13.2-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#nodejs-webcrypto-aes-integer-overflow-leads-to-remote-process-abort-dos-cve-2026-48933---high
 CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3 does not properly validat ...)
 	NOT-FOR-US: WordPress plugin
@@ -116,7 +116,7 @@ CVE-2026-48985 (pam_usb provides hardware authentication for Linux using ordinar
 CVE-2026-48984 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
 	NOT-FOR-US: pam_usb
 CVE-2026-48937 (A flaw in Node.js HTTP/2 server API can cause servers to keep acceptin ...)
-	- nodejs <unfixed>
+	- nodejs 24.17.0+dfsg+~cs24.13.2-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http2-sessions-never-clean-up-after-goaway-on-invalid-protocol-errors-cve-2026-48937---medium
 CVE-2026-48617 (A flaw in Node.js Permission Model enforcement allows Bypass via `proc ...)
 	- nodejs 24.17.0+dfsg+~cs24.13.2-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1723fd06c91da18890a710f19b094d0515253c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f1723fd06c91da18890a710f19b094d0515253c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260619/1f3f61f3/attachment.htm>

More information about the debian-security-tracker-commits mailing list