[Git][security-tracker-team/security-tracker][master] new nodejs issues

Moritz Muehlenhoff jmm at debian.org
Fri Aug 17 09:45:49 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
585d7753 by Moritz Muehlenhoff at 2018-08-17T08:45:22Z
new nodejs issues
mono no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1748,10 +1748,10 @@ CVE-2018-14597
 	RESERVED
 CVE-2018-1002208 (sharplibzip before 1.0 RC1 is vulnerable to directory traversal, ...)
 	- mono <unfixed>
+	[stretch] - mono <no-dsa> (Minor issue)
 	- mono-reference-assemblies <unfixed> (unimportant)
 	NOTE: https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
 	NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232
-	TODO: further checks
 CVE-2018-1002207 (mholt/archiver golang package before ...)
 	NOT-FOR-US: golang-github-mholt-archiver
 CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory traversal, ...)
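Review bot: removing `TODO: further checks` under CVE-2018-1002208 leaves no record of what those checks found; the only rationale left for the new `[stretch] - mono <no-dsa> (Minor issue)` line is its two-word parenthetical. Consider adding a NOTE line that states what was checked, for example how the affected SharpZipLib code is reachable in mono and why the directory traversal is minor there, so the no-dsa decision can be revisited later without repeating the work.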
@@ -8002,6 +8002,9 @@ CVE-2018-12116
 	RESERVED
 CVE-2018-12115
 	RESERVED
+	- nodejs <unfixed> (unimportant)
+	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
+	NOTE: Nodejs not covered by security support
 CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user ...)
 	NOT-FOR-US: Maccms
 CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow ...)
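Review bot: in the CVE-2018-12115 entry the `(unimportant)` tag is backed only by `NOTE: Nodejs not covered by security support`, which describes the package's support status rather than the issue, and the CVE is still RESERVED, so the entry carries no description at all. Consider adding a one-line NOTE saying what the issue is, and linking the relevant section of the August 2018 release post rather than the whole page, the way the CVE-2018-7167 entry in this file links a section anchor of the June post.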
@@ -21323,6 +21326,9 @@ CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can 
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#calls-to-buffer-fill-and-or-buffer-alloc-may-hang-cve-2018-7167
 CVE-2018-7166
 	RESERVED
+	[experimental] - nodejs <unfixed>
+	- nodejs <not-affected> (Only affects 10.x and later)
+	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
 CVE-2018-7165
 	RESERVED
 CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the ...)
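Review bot: the `- nodejs <not-affected> (Only affects 10.x and later)` line for CVE-2018-7166 holds only while unstable carries a nodejs older than 10.x, and nothing in the entry records that condition. Since `[experimental] - nodejs <unfixed>` indicates the affected series is already in experimental, consider a NOTE or TODO to revisit the unstable line when 10.x is uploaded there; otherwise the entry will silently report unstable as not affected.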



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/585d7753ec4c988fd6e13ecbc1570c23afecfeb6
