Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 02a96c8e by Salvatore Bonaccorso at 2019-04-26T18:57:09Z Update information on CVE-2018-1109/node-braces The issue does not affect any version released in Debian as the issue was introduced only 2.2.0 upstream via the commit https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 .. Thanks: Xavier Guimard <y...@debian.org> - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -81435,10 +81435,11 @@ CVE-2018-1110 [Improper Input Validation] NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2 CVE-2018-1109 RESERVED - - node-braces <unfixed> (bug #927716) - [stretch] - node-braces <ignored> (Nodejs in stretch not covered by security support) + - node-braces <not-affected> (Vulnerable code introduced in 2.2.0) NOTE: https://snyk.io/vuln/npm:braces:20180219 - NOTE: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 + NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0) + NOTE: Fixed by: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 (2.3.1) + NOTE: Cf. analysis in https://bugs.debian.org/927716#38 CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakness in ...) - linux 4.16.5-1 [jessie] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02a96c8eab5fc8f7bb8ddcdfed28fb8cf3d03d4f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/02a96c8eab5fc8f7bb8ddcdfed28fb8cf3d03d4f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits