[Git][security-tracker-team/security-tracker][master] 3 commits: mark nodejs CVE as ignored
Thorsten Alteholz
alteholz at debian.org
Mon Apr 22 22:18:57 BST 2019
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
77aa8a2b by Thorsten Alteholz at 2019-04-22T21:14:29Z
mark nodejs CVE as ignored
- - - - -
4daebe35 by Thorsten Alteholz at 2019-04-22T21:15:22Z
mark nodejs CVE as ignored
- - - - -
8684c2e3 by Thorsten Alteholz at 2019-04-22T21:15:50Z
mark nodejs CVE as ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87334,6 +87334,7 @@ CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide.
CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb attacks. I ...)
- node-superagent 0.20.0+dfsg-2
[stretch] - node-superagent <ignored> (Nodejs in stretch not covered by security support)
+ [jessie] - node-superagent <ignored> (Nodejs in jessie not covered by security support)
NOTE: https://github.com/visionmedia/superagent/issues/1259
NOTE: https://nodesecurity.io/advisories/479
CVE-2017-16128 (The module npm-script-demo opened a connection to a command and contro ...)
@@ -87552,6 +87553,7 @@ CVE-2017-16027
CVE-2017-16026 (Request is an http client. If a request is made using ```multipart```, ...)
- node-request 2.88.1-1 (bug #901708)
[stretch] - node-request <ignored> (Nodejs in stretch not covered by security support)
+ [jessie] - node-request <ignored> (Nodejs in jessie not covered by security support)
NOTE: https://github.com/request/request/issues/1904
NOTE: https://nodesecurity.io/advisories/309
NOTE: https://github.com/request/request/pull/2018
@@ -87949,6 +87951,7 @@ CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi framew
CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested websocket c ...)
- node-ws 1.1.0+ds1.e6ddaae4-5 (bug #927671)
[stretch] - node-ws <ignored> (Nodejs in stretch not covered by security support)
+ [jessie] - node-ws <ignored> (Nodejs in jessie not covered by security support)
NOTE: https://nodesecurity.io/advisories/120
NOTE: https://github.com/nodejs/node/issues/7388
CVE-2016-10541 (The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/23d9759a4c6e53ac1d366df13a2a5e5b4d6aab4c...8684c2e3c936071369222c8ba47f9e132dbafc39
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/23d9759a4c6e53ac1d366df13a2a5e5b4d6aab4c...8684c2e3c936071369222c8ba47f9e132dbafc39
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190422/5be1a050/attachment.html>
More information about the debian-security-tracker-commits
mailing list