nodejs: reference 10.x commits

Sylvain Beucler Thu, 20 Feb 2020 06:00:16 -0800


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
08089a8f by Sylvain Beucler at 2020-02-20T14:42:41+01:00
CVE-2019-15604,CVE-2019-15606/nodejs: reference 10.x commits

- - - - -
f13065b4 by Sylvain Beucler at 2020-02-20T14:59:38+01:00
http-parser: embedded in nodejs since 10.15.0~dfsg-1

- - - - -


2 changed files:

- data/CVE/list
- data/embedded-code-copies


Changes:

=====================================
data/CVE/list
=====================================
@@ -32314,7 +32314,7 @@ CVE-2019-15607 (A stored XSS vulnerability is present 
within node-red (version:
 CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 
10, 12, ...)
        - nodejs <unfixed>
        NOTE: https://hackerone.com/reports/730779
-       NOTE: 
https://github.com/nodejs/node/commit/25b6897e8a1072bd38b7d12d3ec6920bfe1c8de3
+       NOTE: 
https://github.com/nodejs/node/commit/2eee90e959ca4abaf53caf238d063c396f2ea17c 
(10.x)
 CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes 
malicious payl ...)
        - nodejs <unfixed>
        - http-parser <unfixed>
@@ -32323,7 +32323,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 
12, and 13 causes maliciou
 CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 
causes the p ...)
        - nodejs <unfixed>
        NOTE: https://hackerone.com/reports/746733
-       NOTE: 
https://github.com/nodejs/node/commit/1156a9e5f849f32a3664587f9cf37cd876fe0dd1
+       NOTE: 
https://github.com/nodejs/node/commit/f940bee3b7da865e28093472dee9ce664f273f6d 
(10.x)
 CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site 
Scriptin ...)
        NOT-FOR-US: seefl
 CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and 
escapin ...)


=====================================
data/embedded-code-copies
=====================================
@@ -3472,3 +3472,6 @@ libstb
        - sumo <unfixed> (embed; bug #950251)
        - yquake2 <unfixed> (embed; bug #950252)
        - dart <unfixed> (modified-embed)
+
+http-parser
+       - nodejs <unfixed> (embed)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eee24152822d6a8b0a8fe563312e34a8953c4b6...f13065b424fa983b2f53992ddb2894e6e7442ac8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/5eee24152822d6a8b0a8fe563312e34a8953c4b6...f13065b424fa983b2f53992ddb2894e6e7442ac8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-15604,CVE-2019-15606/nodejs: reference 10.x commits

Reply via email to