[Git][security-tracker-team/security-tracker][master] Add two more node-xmldom CVEs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ffb6a58 by Salvatore Bonaccorso at 2026-05-07T11:04:20+02:00
Add two more node-xmldom CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124,9 +124,23 @@ CVE-2026-41674 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2
 	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h
 	NOTE: https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314 (0.9.10)
 CVE-2026-41673 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core)  ...)
-	TODO: check
+	- node-xmldom 0.9.10-1
+	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw
+	NOTE: https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/5cdb515630fa8ca25f840b3ff1420c045545af1b (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84 (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597 (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3 (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112 (0.9.10)
+	NOTE: https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f (0.9.10)
 CVE-2026-41672 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core)  ...)
-	TODO: check
+	- node-xmldom 0.9.10-1
+	NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8
+	NOTE: https://github.com/xmldom/xmldom/pull/987
+	NOTE: https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1 (0.9.10)
 CVE-2026-41671 (Admidio is an open-source user management solution. Prior to version 5 ...)
 	NOT-FOR-US: Admidio
 CVE-2026-41670 (Admidio is an open-source user management solution. Prior to version 5 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffb6a5830019bf828b7a8c262c5c13ac88d79ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffb6a5830019bf828b7a8c262c5c13ac88d79ad
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260507/22dc0880/attachment.htm>