diff options
author | Moritz Mühlenhoff <jmm@debian.org> | 2022-01-31 20:55:30 +0100 |
---|---|---|
committer | Moritz Mühlenhoff <jmm@debian.org> | 2022-01-31 20:56:00 +0100 |
commit | 510ca001eadc19886e1cdcb8c42bf9777d993acc (patch) | |
tree | 6d7f02913bd543254dae57d7374a6d57637d73fe | |
parent | e6c9db17ce5f24e19bfddb8bb98eff69bb3161bd (diff) |
node-cached-path-relative spu
-rw-r--r-- | data/CVE/list | 2 | ||||
-rw-r--r-- | data/next-point-update.txt | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 57878421dd..d06fb2786f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -67902,6 +67902,8 @@ CVE-2021-23519 RESERVED CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...) - node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338) + [bullseye] - node-cached-path-relative <no-dsa> (Minor issue) + [buster] - node-cached-path-relative <no-dsa> (Minor issue) NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760 NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 NOTE: which was CVE-2018-16472. diff --git a/data/next-point-update.txt b/data/next-point-update.txt index 00e55cd88b..1d27eccf0d 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -48,3 +48,5 @@ CVE-2022-0235 [bullseye] - node-fetch 2.6.1-5+deb11u1 CVE-2021-40516 [bullseye] - weechat 3.0-1+deb11u1 +CVE-2021-23518 + [bullseye] - node-cached-path-relative 1.0.2-1+deb11u1 |