[Secure-testing-commits] r32886 - data/CVE
Paul Wise
pabs at moszumanska.debian.org
Sun Mar 15 12:49:09 UTC 2015
Author: pabs
Date: 2015-03-15 12:49:09 +0000 (Sun, 15 Mar 2015)
New Revision: 32886
Modified:
data/CVE/list
Log:
New node-serve-index issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-15 12:42:28 UTC (rev 32885)
+++ data/CVE/list 2015-03-15 12:49:09 UTC (rev 32886)
@@ -1,3 +1,8 @@
+CVE-2015-XXXX [XSS via filename]
+ - node-serve-index <unfixed> (unimportant)
+ NOTE: libv8 is not covered by security support
+ NOTE: https://nodesecurity.io/advisories/serve-static-xss
+ NOTE: https://github.com/expressjs/serve-index/issues/28
CVE-2015-XXXX [denial of service flaw in VICAR file processing]
- imagemagick <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/4
More information about the Secure-testing-commits
mailing list