[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-15604,CVE-2019-15606/nodejs: reference 10.x commits

Thu Feb 20 14:00:00 GMT 2020


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08089a8f by Sylvain Beucler at 2020-02-20T14:42:41+01:00
CVE-2019-15604,CVE-2019-15606/nodejs: reference 10.x commits

- - - - -
f13065b4 by Sylvain Beucler at 2020-02-20T14:59:38+01:00
http-parser: embedded in nodejs since 10.15.0~dfsg-1

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -32314,7 +32314,7 @@ CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version:
 CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...)
 	- nodejs <unfixed>
 	NOTE: https://hackerone.com/reports/730779
-	NOTE: https://github.com/nodejs/node/commit/25b6897e8a1072bd38b7d12d3ec6920bfe1c8de3
+	NOTE: https://github.com/nodejs/node/commit/2eee90e959ca4abaf53caf238d063c396f2ea17c (10.x)
 CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...)
 	- nodejs <unfixed>
 	- http-parser <unfixed>
@@ -32323,7 +32323,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
 CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...)
 	- nodejs <unfixed>
 	NOTE: https://hackerone.com/reports/746733
-	NOTE: https://github.com/nodejs/node/commit/1156a9e5f849f32a3664587f9cf37cd876fe0dd1
+	NOTE: https://github.com/nodejs/node/commit/f940bee3b7da865e28093472dee9ce664f273f6d (10.x)
 CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...)
 	NOT-FOR-US: seefl
 CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...)


=====================================
data/embedded-code-copies
=====================================
@@ -3472,3 +3472,6 @@ libstb
 	- sumo <unfixed> (embed; bug #950251)
 	- yquake2 <unfixed> (embed; bug #950252)
 	- dart <unfixed> (modified-embed)
+
+http-parser
+	- nodejs <unfixed> (embed)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eee24152822d6a8b0a8fe563312e34a8953c4b6...f13065b424fa983b2f53992ddb2894e6e7442ac8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eee24152822d6a8b0a8fe563312e34a8953c4b6...f13065b424fa983b2f53992ddb2894e6e7442ac8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200220/107837d3/attachment-0001.html>
