[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] node-ssri ReDoS
Paul Wise
pabs at debian.org
Sat Mar 3 14:38:39 UTC 2018
Paul Wise pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e4f7bfa by Paul Wise at 2018-03-03T22:38:19+08:00
node-ssri ReDoS
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,9 @@
+CVE-2018-XXXX [Regular Expression Denial of Service vulnerability in the strict mode functionality]
+ - node-ssri <unfixed>
+ NOTE: fixed in 5.2.2
+ NOTE: https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
+ NOTE: https://github.com/zkat/ssri/issues/10
+ NOTE: https://nodesecurity.io/advisories/565
CVE-2018-1000115 [Insufficient Control of Network Message Volume]
- memcached <unfixed>
[stretch] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4f7bfaaba71994cddc64ad3ecb0927713365dd
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2e4f7bfaaba71994cddc64ad3ecb0927713365dd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180303/7faa4215/attachment.html>
More information about the Secure-testing-commits
mailing list