[Git][security-tracker-team/security-tracker][master] Update information on CVE-2018-1109/node-braces

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02a96c8e by Salvatore Bonaccorso at 2019-04-26T18:57:09Z
Update information on CVE-2018-1109/node-braces

The issue does not affect any version released in Debian as the issue
was introduced only 2.2.0 upstream via the commit
https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113
..

Thanks: Xavier Guimard <y...@debian.org>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81435,10 +81435,11 @@ CVE-2018-1110 [Improper Input Validation]
        NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
 CVE-2018-1109
        RESERVED
-       - node-braces <unfixed> (bug #927716)
-       [stretch] - node-braces <ignored> (Nodejs in stretch not covered by 
security support)
+       - node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
        NOTE: https://snyk.io/vuln/npm:braces:20180219
-       NOTE: 
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
+       NOTE: Introduced by: 
https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113
 (2.2.0)
+       NOTE: Fixed by: 
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
 (2.3.1)
+       NOTE: Cf. analysis in https://bugs.debian.org/927716#38
 CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a 
weakness in ...)
        - linux 4.16.5-1
        [jessie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02a96c8eab5fc8f7bb8ddcdfed28fb8cf3d03d4f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02a96c8eab5fc8f7bb8ddcdfed28fb8cf3d03d4f
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits