[Git][security-tracker-team/security-tracker][master] add nodejs upstream fixes
Moritz Muehlenhoff
jmm at debian.org
Wed Aug 29 15:56:41 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4aff5c3b by Moritz Muehlenhoff at 2018-08-29T14:56:13Z
add nodejs upstream fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9668,6 +9668,7 @@ CVE-2018-12115 (In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 wh
- nodejs <unfixed> (unimportant)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
NOTE: Nodejs not covered by security support
+ NOTE: https://github.com/nodejs/node/commit/fc14d812b7
CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user ...)
NOT-FOR-US: Maccms
CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow ...)
@@ -23048,6 +23049,7 @@ CVE-2018-7166 (In all versions of Node.js 10 prior to 10.9.0, an argument proces
[experimental] - nodejs <unfixed>
- nodejs <not-affected> (Only affects 10.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
+ NOTE: https://github.com/nodejs/node/commit/40a7beeddac9b9ec9ef5b49157daaf8470648b08
CVE-2018-7165
RESERVED
CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the ...)
@@ -23055,6 +23057,7 @@ CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the
[stretch] - nodejs <not-affected> (Only affects >= 9.x)
[jessie] - nodejs <not-affected> (Only affects >= 9.x)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#memory-exhaustion-dos-on-v9-x-cve-2018-7164
+ NOTE: https://github.com/nodejs/node/commit/3217e8e66fa81e
CVE-2018-7163
RESERVED
CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the severity ...)
@@ -23062,11 +23065,13 @@ CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the sever
[stretch] - nodejs <not-affected> (Only affects >= 8.x)
[jessie] - nodejs <not-affected> (Only affects >= 8.x)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-tls-cve-2018-7162
+ NOTE: https://github.com/nodejs/node/commit/0cb3325f1
CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the ...)
- nodejs <unfixed> (unimportant)
[stretch] - nodejs <not-affected> (Only affects >= 8.x)
[jessie] - nodejs <not-affected> (Only affects >= 8.x)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-http-2-cve-2018-7161
+ NOTE: https://github.com/nodejs/node/commit/8bf213dbdc7e
CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS ...)
- nodejs <unfixed> (unimportant)
[stretch] - nodejs <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4aff5c3b290fcddfbd536224a1c74efa87b56c63
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4aff5c3b290fcddfbd536224a1c74efa87b56c63
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180829/7578fec1/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list