[Git][security-tracker-team/security-tracker][master] new node-y18n, node-nodemailer issues
Moritz Muehlenhoff
jmm at debian.org
Wed Nov 18 13:07:59 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9bf419ad by Moritz Muehlenhoff at 2020-11-18T14:07:45+01:00
new node-y18n, node-nodemailer issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53279,9 +53279,13 @@ CVE-2020-7776
CVE-2020-7775
RESERVED
CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = ...)
- TODO: check
+ - node-y18n <unfixed>
+ [buster] - node-y18n <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887
+ NOTE: https://github.com/yargs/y18n/issues/96
+ NOTE: https://github.com/yargs/y18n/pull/108
CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...)
- TODO: check
+ NOT-FOR-US: Node markdown-it-highlightjs
CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
NOT-FOR-US: Node doc-path
CVE-2020-7771
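Review bot: The CVE-2020-7774 entry marks node-y18n as <unfixed> and links the upstream issue and pull request, but no NOTE names the fix itself, even though the description already says the flaw affects y18n "before 5.0.5". A line such as "NOTE: Fixed upstream in 5.0.5", or the merged commit URL as was done for CVE-2020-7769, would let whoever later uploads a fixed version confirm it without re-reading the PR thread. The "<no-dsa> (Minor issue)" tag for buster would also be easier to revisit with a short NOTE saying why the impact is considered minor.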
@@ -53289,15 +53293,17 @@ CVE-2020-7771
CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...)
NOT-FOR-US: Node json8
CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...)
- TODO: check
+ - node-nodemailer 6.4.16-1
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
+ NOTE: https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...)
- TODO: check
+ NOT-FOR-US: Node grpc
CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...)
- TODO: check
+ NOT-FOR-US: Node express-validators
CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
- TODO: check
+ NOT-FOR-US: Node json-ptr
CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Node firebase/util
CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
NOT-FOR-US: Node find-my-way
CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...)
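Review bot: Two of the NOT-FOR-US labels in this hunk do not match the package names in their descriptions. CVE-2020-7765 names "@firebase/util" but the label reads "Node firebase/util", and CVE-2020-7768 names both "grpc" and "@grpc/grpc-js" while the label only says "Node grpc". Using the package names as the descriptions give them (including the scope and the second package) keeps the list searchable by the upstream name and records that both grpc packages were considered when the entry was triaged.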
@@ -57767,7 +57773,7 @@ CVE-2020-6021
CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
NOT-FOR-US: Check Point
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
- TODO: check
+ NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6018
RESERVED
CVE-2020-6017
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf419ad6042207774fbceee79c1f7e84ba9f328