[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-15168/node-fetch as ignored for buster

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37e34858 by Salvatore Bonaccorso at 2020-09-13T21:09:44+02:00
Mark CVE-2020-15168/node-fetch as ignored for buster

The fix cannot be done without major changes to the 1.7.3 version
according to Xavier. The issue minor enough to be ignored further for
buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21019,7 +21019,7 @@ CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a po
 CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
 	[experimental] - node-fetch 2.6.1-1
 	- node-fetch <unfixed> (bug #970173)
-	[buster] - node-fetch <no-dsa> (Minor issue)
+	[buster] - node-fetch <ignored> (Minor issue; Intrusive to backport)
 	NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
 CVE-2020-15167 (In Miller (command line utility) using the configuration file support  ...)
 	- miller 5.9.1+dfsg-1 (bug #969467)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e348580a0910cec9bb611012a371ebd40761d9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e348580a0910cec9bb611012a371ebd40761d9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200913/5d04e4c8/attachment.html>