Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37e34858 by Salvatore Bonaccorso at 2020-09-13T21:09:44+02:00
Mark CVE-2020-15168/node-fetch as ignored for buster
The fix cannot be done without major changes to the 1.7.3 version
according to Xavier. The issue minor enough to be ignored further for
buster.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21019,7 +21019,7 @@ CVE-2020-15169 (In Action View before versions 5.2.4.4
and 6.0.3.3 there is a po
CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not
honor the si ...)
[experimental] - node-fetch 2.6.1-1
- node-fetch <unfixed> (bug #970173)
- [buster] - node-fetch <no-dsa> (Minor issue)
+ [buster] - node-fetch <ignored> (Minor issue; Intrusive to backport)
NOTE:
https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
CVE-2020-15167 (In Miller (command line utility) using the configuration file
support ...)
- miller 5.9.1+dfsg-1 (bug #969467)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e348580a0910cec9bb611012a371ebd40761d9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37e348580a0910cec9bb611012a371ebd40761d9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
