Bug 28984 - nodejs-underscore new security issue CVE-2021-23358
Summary: nodejs-underscore new security issue CVE-2021-23358
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Thierry Vignaud
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-28 22:05 CEST by David Walser
Modified: 2021-07-01 18:31 CEST (History)
0 users

See Also:
Source RPM: nodejs-underscore-1.9.1-2.mga8.src.rpm
CVE:
Status comment: Patch available from Debian

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-05-28 22:05:33 CEST 
Debian and Ubuntu have issued advisories on April 1 and April 14:
https://www.debian.org/security/2021/dsa-4883
https://ubuntu.com/security/notices/USN-4913-1

The issue is fixed upstream in 1.12.1.

Mageia 7 is also affected.
David Walser 2021-05-28 22:05:46 CEST

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patch available from Debian

Comment 1 David Walser 2021-06-13 18:48:49 CEST 
Package appears to have mysteriously disappeared just before the Mageia 8 release:
https://bugs.mageia.org/show_bug.cgi?id=29112#c7

Whiteboard: MGA7TOO => (none)
Version: 8 => 7

Comment 2 David Walser 2021-07-01 18:31:57 CEST 
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.