[Git][security-tracker-team/security-tracker][master] 3 commits: mark nodejs CVE as ignored

Mon, 22 Apr 2019 14:19:14 -0700 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77aa8a2b by Thorsten Alteholz at 2019-04-22T21:14:29Z
mark nodejs CVE as ignored

- - - - -
4daebe35 by Thorsten Alteholz at 2019-04-22T21:15:22Z
mark nodejs CVE as ignored

- - - - -
8684c2e3 by Thorsten Alteholz at 2019-04-22T21:15:50Z
mark nodejs CVE as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87334,6 +87334,7 @@ CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google 
Style JavaScript Guide.
 CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb 
attacks. I ...)
        - node-superagent 0.20.0+dfsg-2
        [stretch] - node-superagent <ignored> (Nodejs in stretch not covered by 
security support)
+       [jessie] - node-superagent <ignored> (Nodejs in jessie not covered by 
security support)
        NOTE: https://github.com/visionmedia/superagent/issues/1259
        NOTE: https://nodesecurity.io/advisories/479
 CVE-2017-16128 (The module npm-script-demo opened a connection to a command 
and contro ...)
@@ -87552,6 +87553,7 @@ CVE-2017-16027
 CVE-2017-16026 (Request is an http client. If a request is made using 
```multipart```, ...)
        - node-request 2.88.1-1 (bug #901708)
        [stretch] - node-request <ignored> (Nodejs in stretch not covered by 
security support)
+       [jessie] - node-request <ignored> (Nodejs in jessie not covered by 
security support)
        NOTE: https://github.com/request/request/issues/1904
        NOTE: https://nodesecurity.io/advisories/309
        NOTE: https://github.com/request/request/pull/2018
@@ -87949,6 +87951,7 @@ CVE-2016-10543 (call is an HTTP router that is 
primarily used by the hapi framew
 CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested 
websocket c ...)
        - node-ws 1.1.0+ds1.e6ddaae4-5 (bug #927671)
        [stretch] - node-ws <ignored> (Nodejs in stretch not covered by 
security support)
+       [jessie] - node-ws <ignored> (Nodejs in jessie not covered by security 
support)
        NOTE: https://nodesecurity.io/advisories/120
        NOTE: https://github.com/nodejs/node/issues/7388
 CVE-2016-10541 (The npm module "shell-quote" 1.6.0 and earlier cannot 
correctly escape ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/23d9759a4c6e53ac1d366df13a2a5e5b4d6aab4c...8684c2e3c936071369222c8ba47f9e132dbafc39

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/23d9759a4c6e53ac1d366df13a2a5e5b4d6aab4c...8684c2e3c936071369222c8ba47f9e132dbafc39
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to