[Secure-testing-commits] r39984 - data/CVE
Paul Wise
pabs at moszumanska.debian.org
Sat Feb 27 10:28:47 UTC 2016
Author: pabs
Date: 2016-02-27 10:28:47 +0000 (Sat, 27 Feb 2016)
New Revision: 39984
Modified:
data/CVE/list
Log:
node-send root path disclosure
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-27 10:25:33 UTC (rev 39983)
+++ data/CVE/list 2016-02-27 10:28:47 UTC (rev 39984)
@@ -544,6 +544,12 @@
NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
NOT-FOR-US: SAP
+CVE-2015-XXXX [root path disclosure]
+ - node-send <unfixed>
+ NOTE: fixed in 0.11.1
+ NOTE: https://github.com/pillarjs/send/pull/70
+ NOTE: https://github.com/expressjs/serve-static/blob/master/HISTORY.md#181--2015-01-20
+ NOTE: https://nodesecurity.io/advisories/56
CVE-2015-XXXX [handlebars: quoteless attributes in templates can lead to content injection]
- libjs-handlebars <unfixed>
- ruby-handlebars-assets <unfixed>
More information about the Secure-testing-commits
mailing list