[Git][security-tracker-team/security-tracker][master] Remove some temporary trackings for only unfixed experimental status

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e7457bb by Salvatore Bonaccorso at 2026-06-19T06:02:15+02:00
Remove some temporary trackings for only unfixed experimental status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -307944,11 +307944,9 @@ CVE-2023-40093 (In multiple files, there is a possible way that trimmed content
 CVE-2023-40057 (The SolarWinds Access Rights Manager was found to be susceptible to a  ...)
 	NOT-FOR-US: SolarWinds
 CVE-2024-21890 (The Node.js Permission Model does not clarify in the documentation tha ...)
-	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#improper-handling-of-wildcards-in---allow-fs-read-and---allow-fs-write-cve-2024-21890---medium
 CVE-2024-21891 (Node.js depends on multiple built-in utility functions to normalize pa ...)
-	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#multiple-permission-model-bypasses-due-to-improper-path-traversal-sequence-sanitization-cve-2024-21891---medium
 CVE-2023-46809 (Node.js versions which bundle an unpatched version of OpenSSL or run a ...)
@@ -307958,11 +307956,9 @@ CVE-2023-46809 (Node.js versions which bundle an unpatched version of OpenSSL or
 	NOTE: https://github.com/nodejs/node/commit/d3d357ab096884f10f5d2f164149727eea875635 (v18.x)
 	NOTE: https://github.com/nodejs/node/commit/54cd268059626800dbe1e02a88b28d9538cf5587 (main)
 CVE-2024-22017 (setuid() does not affect libuv's internal io_uring operations if initi ...)
-	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#setuid-does-not-drop-all-privileges-due-to-io_uring-cve-2024-22017---high
 CVE-2024-21896 (The permission model protects itself against path traversal attacks by ...)
-	[experimental] - nodejs <unfixed>
 	- nodejs <not-affected> (Only affects 20.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/february-2024-security-releases/#path-traversal-by-monkey-patching-buffer-internals-cve-2024-21896---high
 CVE-2024-22019 (A vulnerability in Node.js HTTP servers allows an attacker to send a s ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e7457bb82f34bb85cab5e801943faab77f7aa43

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e7457bb82f34bb85cab5e801943faab77f7aa43
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260619/4bc97038/attachment-0001.htm>