diff options
| author | Moritz Mühlenhoff <jmm@debian.org> | 2021-07-29 17:03:12 +0200 |
|---|---|---|
| committer | Moritz Mühlenhoff <jmm@debian.org> | 2021-07-29 17:03:12 +0200 |
| commit | d6561e1f23c8544a607fd4d7daa66eed08182d27 (patch) | |
| tree | 4decc24401e6bfdd6d6cda78a77598efe3c5e4dd | |
| parent | 77c5700eef4388a9ee3ca6f3e48a289792b3fe82 (diff) | |
node-jszip spu
| -rw-r--r-- | data/CVE/list | 1 | ||||
| -rw-r--r-- | data/next-point-update.txt | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index c40645fe31..903b450650 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -33940,6 +33940,7 @@ CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribu TODO: check CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...) - node-jszip 3.5.0+dfsg-2 + [buster] - node-jszip <no-dsa> (Minor issue) NOTE: https://github.com/Stuk/jszip/pull/766 NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36 CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...) diff --git a/data/next-point-update.txt b/data/next-point-update.txt index fc20ac0336..4a18904106 100644 --- a/data/next-point-update.txt +++ b/data/next-point-update.txt @@ -75,3 +75,5 @@ CVE-2021-28678 [buster] - pillow 5.4.1-2+deb10u3 CVE-2021-34552 [buster] - pillow 5.4.1-2+deb10u3 +CVE-2021-23413 + [buster] - node-jszip 3.1.4+dfsg-1+deb10u1 |