Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c1eb0bdf by Emilio Pozuelo Monfort at 2020-07-30T12:27:44+02:00
CVE-2020-8203/node-lodash EOL in stretch
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21109,6 +21109,7 @@ CVE-2020-8204
CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash
<= ...)
- node-lodash 4.17.19+dfsg-1 (bug #965283)
[buster] - node-lodash <no-dsa> (Minor issue; can be fixed via point
release)
+ [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by
security support)
NOTE: https://hackerone.com/reports/712065
CVE-2020-8202
RESERVED
=====================================
data/dla-needed.txt
=====================================
@@ -99,8 +99,6 @@ mumble
--
net-snmp (Chris Lamb)
--
-node-lodash
---
nss (Adrian Bunk)
NOTE: 20200706: from dsa-needed.txt: Roberto proposed an update including
fixes for CVE-2018-12404 and CVE-2018-18508 (Beuc)
NOTE: 20200727: work is ongoing (bunk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1eb0bdfe26bf781e47917be935edc960e486e34
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1eb0bdfe26bf781e47917be935edc960e486e34
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
