[Git][security-tracker-team/security-tracker][master] Add CVE-2017-16042/node-growl
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 6 07:26:08 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f789a0a by Salvatore Bonaccorso at 2018-06-06T08:25:33+02:00
Add CVE-2017-16042/node-growl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35626,7 +35626,11 @@ CVE-2017-16044 (`d3.js` was a malicious module published with the intent to hija
CVE-2017-16043 (Shout is an IRC client. Because the `/topic` command in messages is ...)
TODO: check
CVE-2017-16042 (Growl adds growl notification support to nodejs. Growl before 1.10.2 ...)
- TODO: check
+ - node-growl <unfixed> (unimportant)
+ NOTE: Issue: https://github.com/tj/node-growl/issues/60
+ NOTE: https://github.com/tj/node-growl/pull/61
+ NOTE: https://nodesecurity.io/advisories/146
+ NOTE: NOTE: nodejs not covered by security support
CVE-2017-16041 (ikst versions before 1.1.2 download resources over HTTP, which leaves ...)
TODO: check
CVE-2017-16040 (gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f789a0a55bac0f350c907e6d912f90b772d5d43
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3f789a0a55bac0f350c907e6d912f90b772d5d43
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180606/d1ffaa76/attachment.html>
More information about the debian-security-tracker-commits
mailing list