[Secure-testing-commits] r40333 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Fri Mar 11 21:13:04 UTC 2016
Author: jmm
Date: 2016-03-11 21:13:04 +0000 (Fri, 11 Mar 2016)
New Revision: 40333
Modified:
data/CVE/list
Log:
uglifyjs unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-11 21:06:51 UTC (rev 40332)
+++ data/CVE/list 2016-03-11 21:13:04 UTC (rev 40333)
@@ -1933,15 +1933,17 @@
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
NOT-FOR-US: SAP
CVE-2015-XXXX [incorrect handling of non-boolean comparisons during minification]
- - uglifyjs <unfixed>
+ - uglifyjs <unfixed> (unimportant)
NOTE: fixed in 2.4.24
NOTE: https://zyan.scripts.mit.edu/blog/backdooring-js/
NOTE: https://github.com/mishoo/UglifyJS2/issues/751
NOTE: https://nodesecurity.io/advisories/39
+ NOTE: nodejs not covered by security support
CVE-2015-XXXX [regex DoS]
- - uglifyjs <unfixed>
+ - uglifyjs <unfixed> (unimportant)
NOTE: fixed in 2.6.0
NOTE: https://nodesecurity.io/advisories/48
+ NOTE: nodejs not covered by security support
CVE-2015-XXXX [root path disclosure]
- node-send <unfixed> (unimportant)
NOTE: fixed in 0.11.1
More information about the Secure-testing-commits
mailing list