[Git][security-tracker-team/security-tracker][master] Track new nodejs issues from september security release
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 16 06:08:05 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
88ab20c3 by Salvatore Bonaccorso at 2020-09-16T07:07:36+02:00
Track new nodejs issues from september security release
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40799,10 +40799,14 @@ CVE-2020-8254
RESERVED
CVE-2020-8253
RESERVED
-CVE-2020-8252
+CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
RESERVED
-CVE-2020-8251
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
+CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
RESERVED
+ - nodejs <not-affected> (Only affects 14.x series)
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
CVE-2020-8250
RESERVED
CVE-2020-8249
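Review bot: the CVE-2020-8252 entry adds "- nodejs <unfixed>" with no indication of which release series were checked, while the CVE-2020-8251 entry in the same hunk records its scope as "(Only affects 14.x series)". Consider adding a NOTE with the affected upstream series for CVE-2020-8252 once triaged, so the <unfixed> status can be narrowed per suite. Separately, the bracketed description "[fs.realpath.native on may cause buffer overflow]" reads as if a word is missing after "on"; it matches the anchor in the NOTE URL, so it appears to be copied verbatim from the upstream heading, and can be revisited when the official description is published.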
@@ -40920,8 +40924,10 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash &
NOTE: https://hackerone.com/reports/712065
CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
NOT-FOR-US: Nextcloud Preferred Providers app
-CVE-2020-8201
+CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion]
RESERVED
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
CVE-2020-8200
RESERVED
CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
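Review bot: the new CVE-2020-8201 entry has a single NOTE pointing at the upstream advisory anchor and nothing that identifies the fix itself. A follow-up NOTE with the upstream fixing commit or fixed release, once known, would make it easier to move "- nodejs <unfixed>" to a fixed version later. The entry also does not say which release series are affected, unlike the CVE-2020-8251 entry added in the previous hunk.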
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88ab20c3df2f37d3d55c508c5d4e448ea7eae7d1