[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2020-7788/node-ini as no-dsa

Salvatore Bonaccorso carnil at debian.org
Sat Dec 19 20:04:45 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e201567 by Salvatore Bonaccorso at 2020-12-19T21:03:33+01:00
Mark CVE-2020-7788/node-ini as no-dsa

- - - - -
4e51e931 by Salvatore Bonaccorso at 2020-12-19T21:04:15+01:00
Track proposed update for CVE-2020-7788/node-ini via buster-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -60628,6 +60628,7 @@ CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an
 	NOT-FOR-US: Node node-notifier
 CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
 	- node-ini 2.0.0-1 (bug #977718)
+	[buster] - node-ini <no-dsa> (Minor issue)
 	NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974
 	NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
 CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a  ...)


=====================================
data/next-point-update.txt
=====================================
@@ -56,3 +56,5 @@ CVE-2020-27818
 	[buster] - pngcheck 2.3.0-7+deb10u1
 CVE-2019-14584
 	[buster] - edk2 0~20181115.85588389-3+deb10u3
+CVE-2020-7788
+	[buster] - node-ini 1.3.5-1+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0aa48141b8e70ec514d9e8e2e31d0cd80ee1df50...4e51e931076bf24087fc591eb2aabbb9d7927d07

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0aa48141b8e70ec514d9e8e2e31d0cd80ee1df50...4e51e931076bf24087fc591eb2aabbb9d7927d07
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201219/adf5ccbe/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list