Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3ffcdea by Salvatore Bonaccorso at 2023-02-24T08:57:22+01:00
Add CVE-2022-25927/node-ua-parser-js
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -78948,7 +78948,11 @@ CVE-2022-25929 (The package smoothie from 1.31.0 and
before 1.36.1 are vulnerabl
CVE-2022-25928
RESERVED
CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before
0.7.33, fr ...)
- TODO: check
+ - node-ua-parser-js <unfixed>
+ NOTE:
https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
+ NOTE:
https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
+ TODO: check, the ReDoS issue seems still present in 0.8.1+ds+~0.7.36-2
altough this is said to contain the fix
CVE-2022-25926 (Versions of the package window-control before 1.4.5 are
vulnerable to ...)
NOT-FOR-US: Node window-control
CVE-2022-25925
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ffcdea0ecbf11fba72452aa417647675458ef1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3ffcdea0ecbf11fba72452aa417647675458ef1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
