[Git][security-tracker-team/security-tracker][master] refer to libuv1 for CVE-2020-8252

Fri Sep 18 13:11:01 BST 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e13e9f03 by Moritz Muehlenhoff at 2020-09-18T14:10:34+02:00
refer to libuv1 for CVE-2020-8252

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41168,8 +41168,9 @@ CVE-2020-8253
 	RESERVED
 CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
 	RESERVED
-	- nodejs 12.18.4~dfsg-1
+	- libuv1 1.39.0-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
+	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
 CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
 	RESERVED
 	- nodejs <not-affected> (Only affects 14.x series)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e13e9f03d92b0da78a6528faedb8c9fa61351435

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e13e9f03d92b0da78a6528faedb8c9fa61351435
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200918/ff10a215/attachment.html>
