[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-15604,CVE-2019-15606/nodejs: reference commits (courtesy of RedHat)

Sylvain Beucler beuc at debian.org
Thu Feb 20 13:29:27 GMT 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c47af081 by Sylvain Beucler at 2020-02-20T14:24:50+01:00
CVE-2019-15604,CVE-2019-15606/nodejs: reference commits (courtesy of RedHat)

- - - - -
5eee2415 by Sylvain Beucler at 2020-02-20T14:25:40+01:00
CVE-2019-15605: also affects http-parser

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32314,12 +32314,16 @@ CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version:
 CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...)
 	- nodejs <unfixed>
 	NOTE: https://hackerone.com/reports/730779
+	NOTE: https://github.com/nodejs/node/commit/25b6897e8a1072bd38b7d12d3ec6920bfe1c8de3
 CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...)
 	- nodejs <unfixed>
+	- http-parser <unfixed>
 	NOTE: https://hackerone.com/reports/735748
+	NOTE: https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b (http-parser)
 CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...)
 	- nodejs <unfixed>
 	NOTE: https://hackerone.com/reports/746733
+	NOTE: https://github.com/nodejs/node/commit/1156a9e5f849f32a3664587f9cf37cd876fe0dd1
 CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...)
 	NOT-FOR-US: seefl
 CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8170465163037bbdeb181f91474f6a1497244d0d...5eee24152822d6a8b0a8fe563312e34a8953c4b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/8170465163037bbdeb181f91474f6a1497244d0d...5eee24152822d6a8b0a8fe563312e34a8953c4b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200220/02560631/attachment.html>

More information about the debian-security-tracker-commits mailing list