[Git][security-tracker-team/security-tracker][master] CVE-2026-21713/bullseye

Sat May 23 22:06:05 BST 2026


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7121f0e by Bastien Roucariès at 2026-05-23T23:05:50+02:00
CVE-2026-21713/bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35307,6 +35307,7 @@ CVE-2026-21714 (A memory leak occurs in Node.js HTTP/2 servers when a client sen
 CVE-2026-21713 (A flaw in Node.js HMAC verification uses a non-constant-time compariso ...)
 	{DSA-6272-1 DSA-6183-1}
 	- nodejs 22.22.2+dfsg+~cs22.19.15-1
+	[bullseye] - nodejs <not-affected> (vulnerable code introduced later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac-verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium
 	NOTE: Fixed by: https://github.com/nodejs/node/commit/cfb51fa9ce1da2a8c810ec35bcc7c000f8c94faf (v20.20.2)
 CVE-2026-21712 (A flaw in Node.js URL processing causes an assertion failure in native ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7121f0ee8c97cf2b13f7679da15f21755441f0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7121f0ee8c97cf2b13f7679da15f21755441f0d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260523/416560cc/attachment.htm>
