[Git][security-tracker-team/security-tracker][master] Add information for CVE-2020-8287/http-parser

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
368f2483 by Salvatore Bonaccorso at 2022-08-05T14:08:36+02:00
Add information for CVE-2020-8287/http-parser

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -176487,10 +176487,12 @@ CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before
 	NOT-FOR-US: Rocket.Chat
 CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...)
 	{DSA-4826-1}
+	- http-parser <unfixed> (bug #1016690)
 	- nodejs 12.20.1~dfsg-1 (bug #979364)
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
 	NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1)
+	NOTE: https://github.com/nodejs/http-parser/pull/530/
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
 	{DSA-4881-1 DLA-2500-1}
 	- curl 7.74.0-1 (bug #977161)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/368f2483ba49db81f4d4b6a788dcee44f8b872b5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/368f2483ba49db81f4d4b6a788dcee44f8b872b5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220805/3ab303bf/attachment.htm>