[Git][security-tracker-team/security-tracker][master] latest nodejs issue is in c-ares

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc6195df by Moritz Muehlenhoff at 2020-11-17T11:27:39+01:00
latest nodejs issue is in c-ares

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51729,9 +51729,12 @@ CVE-2020-8278
 	RESERVED
 CVE-2020-8277 [Denial of Service through DNS request]
 	RESERVED
-	- nodejs <unfixed>
-	[stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
-	NOTE: https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277
+	- c-ares <unfixed>
+	[buster] - c-ares <not-affected> (Introduced in 1.16)
+	[stretch] - c-ares <not-affected> (Introduced in 1.16)
+	NOTE: Originally reported for nodes, which bundles c-ares: https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277
+	NOTE: Fix in c-ares: https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
+	NOTE: Introduced in https://github.com/c-ares/c-ares/commit/7d3591ee8a1a63e7748e68e6d880bd1763a32885
 CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
 	NOT-FOR-US: Brave
 CVE-2020-8275



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc6195df5c90acee7f4fc34310e0ea45b3b3bdf3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc6195df5c90acee7f4fc34310e0ea45b3b3bdf3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201117/9c4cb3f2/attachment-0001.html>