[Secure-testing-commits] r40036 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Sun Feb 28 22:19:07 UTC 2016
Author: jmm
Date: 2016-02-28 22:19:06 +0000 (Sun, 28 Feb 2016)
New Revision: 40036
Modified:
data/CVE/list
Log:
more unimportant node packages
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-28 22:09:13 UTC (rev 40035)
+++ data/CVE/list 2016-02-28 22:19:06 UTC (rev 40036)
@@ -4,10 +4,12 @@
NOTE: https://nodesecurity.io/advisories/67
NOTE: nodejs not covered by security support
CVE-2016-XXXX [regular expression DoS]
- - node-moment <unfixed>
+ - node-moment <unfixed> (unimportant)
NOTE: fixed in 2.11.2
NOTE: https://github.com/moment/moment/pull/2939
NOTE: https://nodesecurity.io/advisories/55
+ NOTE: nodejs not covered by security support
+ TODO: File bug
CVE-2016-2782
- linux <unfixed>
- linux-2.6 <removed>
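Review bot: the added "TODO: File bug" on the node-moment entry leaves the `<unfixed>` line with no bug reference even though the entry already records the upstream fix ("fixed in 2.11.2"). Once the line is tagged "(unimportant)", that TODO is the only thing in the entry still pointing at the open packaging work. Consider filing the bug first and committing the bug reference on the package line instead of the TODO, or at least resolve the TODO in a follow-up commit.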
@@ -575,11 +577,13 @@
NOTE: fixed in 2.6.0
NOTE: https://nodesecurity.io/advisories/48
CVE-2015-XXXX [root path disclosure]
- - node-send <unfixed>
+ - node-send <unfixed> (unimportant)
NOTE: fixed in 0.11.1
NOTE: https://github.com/pillarjs/send/pull/70
NOTE: https://github.com/expressjs/serve-static/blob/master/HISTORY.md#181--2015-01-20
NOTE: https://nodesecurity.io/advisories/56
+ TODO: File bug
+ NOTE: nodejs not covered by security support
CVE-2015-XXXX [handlebars: quoteless attributes in templates can lead to content injection]
- libjs-handlebars <unfixed>
- ruby-handlebars-assets <unfixed>
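Review bot: in the node-send entry the two added lines are in the opposite order from the node-moment hunk above: here "TODO: File bug" comes before "NOTE: nodejs not covered by security support", there the NOTE comes first. Keep the support NOTE with the other NOTE lines and put the TODO last, so the entries changed in this commit read the same way and the pending TODO is easy to spot at the end of the entry.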
@@ -593,9 +597,10 @@
NOTE: https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
NOTE: https://nodesecurity.io/advisories/62
CVE-2015-XXXX [SQL injection due to unescaped object keys]
- - node-mysql 2.0.0~alpha8-1
+ - node-mysql 2.0.0~alpha8-1 (unimportant)
NOTE: https://github.com/felixge/node-mysql/issues/342
NOTE: https://nodesecurity.io/advisories/66
+ NOTE: nodejs not covered by security support
CVE-2015-8816 [USB hub invalid memory access in hub_activate()]
RESERVED
- linux 4.4.2-1
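Review bot: on the node-mysql line, "(unimportant)" is applied to an entry titled "SQL injection due to unescaped object keys", and the only rationale added is "NOTE: nodejs not covered by security support". That NOTE describes support status, not impact, so a reader could take the tag as an assessment of the injection itself. Consider wording the NOTE to say that the tag follows from the support status. Leaving out "TODO: File bug" is consistent here, since the line carries a fixed version (2.0.0~alpha8-1) rather than `<unfixed>`.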