[Git][security-tracker-team/security-tracker][master] Add CVE-2026-33349/node-webfont

Sat Mar 28 21:00:00 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56156970 by Salvatore Bonaccorso at 2026-03-28T21:59:21+01:00
Add CVE-2026-33349/node-webfont

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3136,7 +3136,10 @@ CVE-2026-33399 (Wallos is an open-source, self-hostable personal subscription tr
 CVE-2026-33353 (Soft Serve is a self-hostable Git server for the command line. From ve ...)
 	NOT-FOR-US: Soft Serve
 CVE-2026-33349 (fast-xml-parser allows users to process XML from JS object without C/C ...)
-	TODO: check
+	- node-webfont <undetermined>
+	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g
+	NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7
+	NOTE: node-webfont provides node-fast-xml-parser
 CVE-2026-33345 (solidtime is an open-source time-tracking app. Prior to version 0.11.6 ...)
 	NOT-FOR-US: solidtime
 CVE-2026-33344 (Dagu is a workflow engine with a built-in Web user interface. From ver ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56156970a64ba0be6ebc7559ce56efb69e271ce5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56156970a64ba0be6ebc7559ce56efb69e271ce5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/98138eb8/attachment.htm>
