[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Mar 15 20:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e35f856d by security tracker role at 2020-03-15T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5434,8 +5434,8 @@ CVE-2020-8143
 	RESERVED
 CVE-2020-8142
 	RESERVED
-CVE-2020-8141
-	RESERVED
+CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can  ...)
+	TODO: check
 CVE-2020-8140
 	RESERVED
 CVE-2020-8139
@@ -35556,8 +35556,8 @@ CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retainin
 	NOT-FOR-US: Circles app
 CVE-2019-15609 (The kill-port-process package version < 2.2.0 is vulnerable to a Co ...)
 	NOT-FOR-US: Node kill-port-process
-CVE-2019-15608
-	RESERVED
+CVE-2019-15608 (The package integrity validation in yarn < 1.19.0 contains a TOCTOU ...)
+	TODO: check
 CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <=  ...)
 	NOT-FOR-US: node-red
 CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e35f856db0fd11c40906528d0250eb66e0b6fe86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e35f856db0fd11c40906528d0250eb66e0b6fe86
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200315/45ecae64/attachment.html>


More information about the debian-security-tracker-commits mailing list