[Git][security-tracker-team/security-tracker][master] CVE-2020-8203/node-lodash EOL in stretch

[Emilio Pozuelo Monfort]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1eb0bdf by Emilio Pozuelo Monfort at 2020-07-30T12:27:44+02:00
CVE-2020-8203/node-lodash EOL in stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -21109,6 +21109,7 @@ CVE-2020-8204
 CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <=  ...)
 	- node-lodash 4.17.19+dfsg-1 (bug #965283)
 	[buster] - node-lodash <no-dsa> (Minor issue; can be fixed via point release)
+	[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://hackerone.com/reports/712065
 CVE-2020-8202
 	RESERVED


=====================================
data/dla-needed.txt
=====================================
@@ -99,8 +99,6 @@ mumble
 --
 net-snmp (Chris Lamb)
 --
-node-lodash
---
 nss (Adrian Bunk)
   NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
   NOTE: 20200727: work is ongoing (bunk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1eb0bdfe26bf781e47917be935edc960e486e34

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1eb0bdfe26bf781e47917be935edc960e486e34
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200730/d40a8cb5/attachment-0001.html>