[Git][security-tracker-team/security-tracker][master] 3 commits: Add fixed version for CVE-2020-7608/node-yargs-parser

Salvatore Bonaccorso carnil at debian.org
Tue Mar 24 10:09:38 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
64944d4c by Salvatore Bonaccorso at 2020-03-24T11:06:26+01:00
Add fixed version for CVE-2020-7608/node-yargs-parser

- - - - -
1e43abb3 by Salvatore Bonaccorso at 2020-03-24T11:08:04+01:00
Track proposed update for node-yargs-parser via buster-pu

- - - - -
707ccc02 by Salvatore Bonaccorso at 2020-03-24T11:09:04+01:00
Mark CVE-2020-7608/node-yargs-parser as no-dsa

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7631,7 +7631,9 @@ CVE-2020-7610
 CVE-2020-7609
 	RESERVED
 CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...)
-	- node-yargs-parser <unfixed>
+	- node-yargs-parser 18.1.1-1
+	[buster] - node-yargs-parser <no-dsa> (Minor issue; can be fixed via point release)
+	[stretch] - node-yargs-parser <ignored> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
 	NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
 	NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832
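
Review bot: The new unstable line `- node-yargs-parser 18.1.1-1` carries no bug reference, and the NOTE lines name the upstream fix commit but not the upstream release that first contains it, so a reader cannot confirm from this entry alone that 18.1.1-1 includes commit 63810ca1. If a Debian bug exists for this CVE, add it to the unstable line, and consider a NOTE stating the first fixed upstream version. The `[buster]` `<no-dsa>` reason relies on the point-release entry added to data/next-point-update.txt in the same push, so the two should be kept in sync if the proposed update changes.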


=====================================
data/next-point-update.txt
=====================================
@@ -59,3 +59,5 @@ CVE-2020-5267
 	[buster] - rails 2:5.2.2.1+dfsg-1+deb10u1
 CVE-2020-8597
 	[buster] - lwip 2.0.3-3+deb10u1
+CVE-2020-7608
+	[buster] - node-yargs-parser 11.1.1-1+deb10u1
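
Review bot: The buster version added at the end of this hunk, `11.1.1-1+deb10u1`, is on a much older upstream series than the `18.1.1-1` recorded as fixed in unstable, so it is worth confirming that the proposed upload carries a backport of the upstream fix commit referenced in data/CVE/list before tracking it here. The entry also stays only as long as the update is pending: once the point release is accepted, move the version into the `[buster]` line in data/CVE/list, replacing the `<no-dsa>` marker there, and drop these two lines.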



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1b4bcf1dcb372227b83962e7f29236a67cf962e3...707ccc02f5d03d36459226b8854943fed0525ed0
