[Git][security-tracker-team/security-tracker][master] Update information on CVE-2018-1109/node-braces

Salvatore Bonaccorso carnil at debian.org
Fri Apr 26 19:58:53 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02a96c8e by Salvatore Bonaccorso at 2019-04-26T18:57:09Z
Update information on CVE-2018-1109/node-braces

The issue does not affect any version released in Debian as the issue
was introduced only in 2.2.0 upstream via the commit
https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113
..

Thanks: Xavier Guimard <yadd at debian.org>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81435,10 +81435,11 @@ CVE-2018-1110 [Improper Input Validation]
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
 CVE-2018-1109
 	RESERVED
-	- node-braces <unfixed> (bug #927716)
-	[stretch] - node-braces <ignored> (Nodejs in stretch not covered by security support)
+	- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
 	NOTE: https://snyk.io/vuln/npm:braces:20180219
-	NOTE: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
+	NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)
+	NOTE: Fixed by: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 (2.3.1)
+	NOTE: Cf. analysis in https://bugs.debian.org/927716#38
 CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakness in ...)
 	- linux 4.16.5-1
 	[jessie] - linux <not-affected> (Vulnerable code not present)
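
Review bot: The reason on the new `- node-braces <not-affected>` line names only the introducing version (2.2.0), so the entry does not record by itself that the fix landed in 2.3.1 or that no upload falls in the 2.2.0 to 2.3.1 range. Consider widening the reason text, for example "(Vulnerable code introduced in 2.2.0, fixed in 2.3.1)", so the status can be re-checked against a later upload without following the NOTE links. Also, with `(bug #927716)` dropped from the package line, the bug is now referenced only through the free-text `NOTE: Cf. analysis in https://bugs.debian.org/927716#38` line; that seems intended, but it is worth confirming the bug report is closed or retitled to match the not-affected status.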



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02a96c8eab5fc8f7bb8ddcdfed28fb8cf3d03d4f
