[Git][security-tracker-team/security-tracker][master] Add CVE-2019-1010266/node-lodash
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 18 22:22:51 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c06c2c2d by Salvatore Bonaccorso at 2019-07-18T21:20:55Z
Add CVE-2019-1010266/node-lodash
Marked it as unimportant, even though it is supported now in buster onwards
security-wise. The reason behind this marking is that the fixed version
is anyway the one in buster and for stretch and earlier it would
otherwise be marked no-dsa anyway. Given another issue which was fixed
in the same upstream version tracked earlier opted to mark both issues
in sync.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11440,7 +11440,10 @@ CVE-2019-1010268 (Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb
CVE-2019-1010267
RESERVED
CVE-2019-1010266 (lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource ...)
- TODO: check
+ - node-lodash 4.17.11+dfsg-1 (unimportant)
+ NOTE: https://github.com/lodash/lodash/issues/3359
+ NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-73639
+ NOTE: nodejs not covered by security support
CVE-2019-1010265
RESERVED
CVE-2019-1010264
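Review bot: the added line "NOTE: nodejs not covered by security support" contradicts the commit message, which says the package is supported security-wise from buster onwards and gives a different reason for the (unimportant) tag. Suggest replacing that NOTE with the actual rationale: the fixed version is already the one in buster, and the tag is kept in sync with the other issue fixed in the same upstream version. A further NOTE would also help to point out that the CVE description says "prior to 4.7.11" while the fixed version recorded here is 4.17.11+dfsg-1, so readers do not mistake the tracker entry for the typo.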
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c06c2c2defe4eadfd82ccb57d35dce69549f174a