[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-28502/node-xmlhttprequest(-ssl) EOL on stretch

Wed Mar 10 09:56:47 GMT 2021


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1aaae913 by Emilio Pozuelo Monfort at 2021-03-10T10:55:18+01:00
CVE-2020-28502/node-xmlhttprequest(-ssl) EOL on stretch

- - - - -
e724abb2 by Emilio Pozuelo Monfort at 2021-03-10T10:55:20+01:00
node-lodash EOL on stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10962,6 +10962,7 @@ CVE-2021-23338 (This affects all versions of package qlib. The workflow function
 	NOT-FOR-US: qlib
 CVE-2021-23337 (All versions of package lodash; all versions of package org.fujion.web ...)
 	- node-lodash <unfixed>
+	[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
 CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...)
 	{DLA-2569-1}
@@ -26470,13 +26471,16 @@ CVE-2020-28503
 	RESERVED
 CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of  ...)
 	- node-xmlhttprequest 1.8.0-1
+	[stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not covered by security support)
 	- node-xmlhttprequest-ssl <unfixed>
+	[stretch] - node-xmlhttprequest-ssl <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
 	NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
 CVE-2020-28501
 	RESERVED
 CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...)
 	- node-lodash <unfixed>
+	[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
 CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...)
 	NOTE: Only bogus references listed, unclear what this is about



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a43e09b8952e810968a40a1951348e064b17c3c5...e724abb278837f70920560ffa492bb9f1846b244

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a43e09b8952e810968a40a1951348e064b17c3c5...e724abb278837f70920560ffa492bb9f1846b244
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210310/8886bc68/attachment.htm>
