[Git][security-tracker-team/security-tracker][master] 2 commits: Add references to upstream commits for 10.23.1 fixed for nodejs

Salvatore Bonaccorso carnil at debian.org
Tue Jan 5 08:21:58 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
902e9400 by Salvatore Bonaccorso at 2021-01-05T09:19:14+01:00
Add references to upstream commits for 10.23.1 fixed for nodejs

- - - - -
30e9907f by Salvatore Bonaccorso at 2021-01-05T09:21:37+01:00
Process new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.p ...)
 	TODO: check
 CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...)
-	TODO: check
+	NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS)
 CVE-2021-3017
 	RESERVED
 CVE-2021-3016
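
Review bot: CVE-2021-3019 (ffay lanproxy) in the first lines of this hunk still carries "TODO: check" although the entry directly below it was triaged in the same pass. Either triage it here as well or leave a NOTE saying why it is held back, so the next person processing the list does not have to re-check it from scratch.
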
@@ -8660,11 +8660,11 @@ CVE-2020-29500
 CVE-2020-29499
 	RESERVED
 CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an open redir ...)
-	TODO: check
+	NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29497 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
-	TODO: check
+	NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29496 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
-	TODO: check
+	NOT-FOR-US: Dell Wyse Management Suite
 CVE-2020-29495
 	RESERVED
 CVE-2020-29494
@@ -8672,9 +8672,9 @@ CVE-2020-29494
 CVE-2020-29493
 	RESERVED
 CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
-	TODO: check
+	NOT-FOR-US: Dell Wyse ThinOS
 CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
-	TODO: check
+	NOT-FOR-US: Dell Wyse ThinOS
 CVE-2020-29490
 	RESERVED
 CVE-2020-29489
@@ -62893,6 +62893,7 @@ CVE-2020-8287 [nodejs: HTTP Request Smuggling]
 	RESERVED
 	- nodejs <unfixed>
 	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
+	NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1)
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977161)
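
Review bot: the NOTE added under CVE-2020-8287 references a single commit tagged "(v10.23.1)" while the package line still reads "- nodejs <unfixed>". State whether this commit is the fix only for the 10.x branch, and add the matching commits for other release lines if they differ, so the reference is usable as a patch source for whichever nodejs version ends up being fixed.
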
@@ -62954,6 +62955,7 @@ CVE-2020-8265 [nodejs: use-after-free in TLSWrap]
 	RESERVED
 	- nodejs <unfixed>
 	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
+	NOTE: https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed (v10.23.1)
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
 	RESERVED
 	- rails 2:6.0.3.4+dfsg-1 (bug #971988)
@@ -70337,7 +70339,7 @@ CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an i
 CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...)
 	NOT-FOR-US: Dell
 CVE-2020-5361 (Select Dell Client Commercial and Consumer platforms support a BIOS pa ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable  ...)
 	NOT-FOR-US: Dell
 CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable  ...)
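
Review bot: CVE-2020-5361 is tagged with the bare vendor name, "NOT-FOR-US: Dell", while the other entries in this same change name the product ("Dell Wyse Management Suite", "Dell Wyse ThinOS"). It matches the neighbouring entries, but a product-level label taken from the description (it concerns a BIOS feature on Dell client platforms) would make a search over the NOT-FOR-US lines more useful.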



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7db2ddec8ee1e62e531b98ee3881b4ea883afeb9...30e9907fa9ef93c463bb84be9ec75287929c7069
