[Git][security-tracker-team/security-tracker][master] mark nodejs as ignored for stretch (these used to be marked unimportant before...
Moritz Muehlenhoff
jmm at debian.org
Wed Apr 29 17:43:26 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0d6dfc8 by Moritz Muehlenhoff at 2020-04-29T18:42:48+02:00
mark nodejs as ignored for stretch (these used to be marked unimportant before buster became supported)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41920,11 +41920,13 @@ CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version:
NOT-FOR-US: node-red
CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...)
- nodejs 10.19.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://hackerone.com/reports/730779
NOTE: https://github.com/nodejs/node/commit/2eee90e959ca4abaf53caf238d063c396f2ea17c (v10.19.0)
CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...)
- nodejs 10.19.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
[experimental] - http-parser 2.9.3-1
- http-parser <unfixed>
@@ -41935,6 +41937,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
NOTE: back to use shared libhttp-parser again.
CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...)
- nodejs 10.19.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://hackerone.com/reports/746733
NOTE: https://github.com/nodejs/node/commit/f940bee3b7da865e28093472dee9ce664f273f6d (v10.19.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d6dfc86f2137ae2b39762fabf2da9e1cf5b7f6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d6dfc86f2137ae2b39762fabf2da9e1cf5b7f6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200429/3f9be19e/attachment.html>
More information about the debian-security-tracker-commits
mailing list