Bug 28984

Summary: nodejs-underscore new security issue CVE-2021-23358
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: nodejs-underscore-1.9.1-2.mga8.src.rpm CVE:
Status comment: Patch available from Debian

Description David Walser 2021-05-28 22:05:33 CEST 
Debian and Ubuntu have issued advisories on April 1 and April 14:
https://www.debian.org/security/2021/dsa-4883
https://ubuntu.com/security/notices/USN-4913-1

The issue is fixed upstream in 1.12.1.

Mageia 7 is also affected.
David Walser 2021-05-28 22:05:46 CEST

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patch available from Debian

Comment 1 David Walser 2021-06-13 18:48:49 CEST 
Package appears to have mysteriously disappeared just before the Mageia 8 release:
https://bugs.mageia.org/show_bug.cgi?id=29112#c7

Whiteboard: MGA7TOO => (none)
Version: 8 => 7

Comment 2 David Walser 2021-07-01 18:31:57 CEST 
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED