[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-13991/iotjs
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 21 20:46:47 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79c897b0 by Salvatore Bonaccorso at 2020-10-21T21:42:51+02:00
Update information on CVE-2020-13991/iotjs
No Debian released version contained the issue, because that was
introduced in JerryScript upstream durin the opfunc_spread_arguments
argument release process. This was in the v2.2.0 version upstream.
So iotjs embedding JerryScript was not affected in a Debian released
version as 1.0+715-1 contained botht the above introducition but as well
the fix from
https://github.com/jerryscript-project/jerryscript/commit/ba4e3a402fce722ea752243c60c009307438d97f
..
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29563,7 +29563,7 @@ CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0.
CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...)
NOT-FOR-US: Mods for HESK
CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...)
- - iotjs 1.0+715-1 (bug #972228)
+ - iotjs <not-affected> (Vulnerable code not present; cf. #972228)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79c897b019c5bedc17fafa0b2c76c922e5e5e532
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79c897b019c5bedc17fafa0b2c76c922e5e5e532
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201021/95afee57/attachment.html>
More information about the debian-security-tracker-commits
mailing list