summaryrefslogtreecommitdiffstats
path: root/data
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@debian.org>2024-03-14 22:02:58 +0200
committerAdrian Bunk <bunk@debian.org>2024-03-14 22:02:58 +0200
commit82f39acdaedb466d3432559b2a8f4de68978be1c (patch)
treece27bf2cf030f63bb1e26c3ef8779889c7035e20 /data
parent2db7de006e7819eb740ad8143a1c134c0ffff2ac (diff)
Reserve DLA-3760-1 for node-xml2js
Diffstat (limited to 'data')
-rw-r--r--data/CVE/list1
-rw-r--r--data/DLA/list3
-rw-r--r--data/dla-needed.txt4
3 files changed, 3 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list
index c4c97333c7..81af6eab31 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -68310,7 +68310,6 @@ CVE-2023-0843
CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add new p ...)
- node-xml2js 0.4.23+~cs15.4.0+dfsg-7 (bug #1034148)
[bullseye] - node-xml2js 0.2.8-1.1+deb11u1
- [buster] - node-xml2js <no-dsa> (Minor issue)
NOTE: https://fluidattacks.com/advisories/myers/
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
diff --git a/data/DLA/list b/data/DLA/list
index 5517d981dd..fe5fc98938 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[14 Mar 2024] DLA-3760-1 node-xml2js - security update
+ {CVE-2023-0842}
+ [buster] - node-xml2js 0.2.8-1.1+deb11u1~deb10u1
[11 Mar 2024] DLA-3759-1 qemu - security update
{CVE-2023-2861 CVE-2023-3354 CVE-2023-5088}
[buster] - qemu 1:3.1+dfsg-8+deb10u12
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 0d1492dd3b..37cd6c137b 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -167,10 +167,6 @@ linux-5.10
lucene-solr
NOTE: 20240213: Added by Front-Desk (lamby)
--
-node-xml2js (Adrian Bunk)
- NOTE: 20240313: Added by Front-Desk (Beuc)
- NOTE: 20240313: Follow fix from bullseye 11.9 (CVE-2023-0842) (Beuc/front-desk)
---
nodejs (guilhem)
NOTE: 20240218: Added by Front-Desk (lamby)
--

© 2014-2024 Faster IT GmbH | imprint | privacy policy