[Git][security-tracker-team/security-tracker][master] Update information on CVE-2020-8252/libuv1

Tue, 22 Sep 2020 12:23:53 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bf7d6eb by Salvatore Bonaccorso at 2020-09-22T21:22:45+02:00
Update information on CVE-2020-8252/libuv1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41337,8 +41337,10 @@ CVE-2020-8253 (Improper authentication in Citrix 
XenMobile Server 10.12 before R
 CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 
12.18.4, an ...)
        - libuv1 1.39.0-1
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
-       NOTE: Debian's version of nodejs uses the shared system library of 
libuv1 instead of the bundled one
-       NOTE: 
https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd
+       NOTE: Debian's version of nodejs uses the shared system library of 
libuv1 instead
+       NOTE: of the bundled one.
+       NOTE: Introduced by: 
https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 
(v1.24.0)
+       NOTE: Fixed by: 
https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd 
(v1.39.0)
 CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service 
(DoS) att ...)
        - nodejs <not-affected> (Only affects 14.x series)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf7d6eb2533add7189bfcdc5370e98548c85fd4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bf7d6eb2533add7189bfcdc5370e98548c85fd4
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to