[Git][security-tracker-team/security-tracker][master] Add two new node-anymatch issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 28 11:00:57 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7455f427 by Salvatore Bonaccorso at 2026-03-28T12:00:38+01:00
Add two new node-anymatch issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -387,9 +387,15 @@ CVE-2026-33674 (PrestaShop is an open source e-commerce web application. Version
 CVE-2026-33673 (PrestaShop is an open source e-commerce web application. Versions prio ...)
 	NOT-FOR-US: PrestaShop
 CVE-2026-33672 (Picomatch is a glob matcher written JavaScript. Versions prior to 4.0. ...)
-	TODO: check
+	- node-anymatch <unfixed>
+	NOTE: https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p
+	NOTE: Fixed by: https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903
+	NOTE: node-anymatch provides node-picomatch
 CVE-2026-33671 (Picomatch is a glob matcher written JavaScript. Versions prior to 4.0. ...)
-	TODO: check
+	- node-anymatch <unfixed>
+	NOTE: https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj
+	NOTE: Fixed by: https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d
+	NOTE: node-anymatch provides node-picomatch
 CVE-2026-33670 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
 	NOT-FOR-US: SiYuan
 CVE-2026-33669 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7455f42715c0447273f42a7e19b1df7c3c35aa7e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7455f42715c0447273f42a7e19b1df7c3c35aa7e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/fb94a150/attachment.htm>

More information about the debian-security-tracker-commits mailing list