[Secure-testing-commits] r56389 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Oct 3 21:47:45 UTC 2017
Author: jmm
Date: 2017-10-03 21:47:45 +0000 (Tue, 03 Oct 2017)
New Revision: 56389
Modified:
data/CVE/list
Log:
node-tough-cookie bug
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-03 21:43:02 UTC (rev 56388)
+++ data/CVE/list 2017-10-03 21:47:45 UTC (rev 56389)
@@ -1,7 +1,9 @@
CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ...)
TODO: check, can't make much sense of it, probably limited to Win32
CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the ...)
- - node-tough-cookie <unfixed>
+ - node-tough-cookie <unfixed> (bug #877660)
+ NOTE: https://github.com/salesforce/tough-cookie/issues/92
+ NOTE: https://nodesecurity.io/advisories/525
CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
More information about the Secure-testing-commits
mailing list