Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 79c897b0 by Salvatore Bonaccorso at 2020-10-21T21:42:51+02:00 Update information on CVE-2020-13991/iotjs No Debian released version contained the issue, because that was introduced in JerryScript upstream durin the opfunc_spread_arguments argument release process. This was in the v2.2.0 version upstream. So iotjs embedding JerryScript was not affected in a Debian released version as 1.0+715-1 contained botht the above introducition but as well the fix from https://github.com/jerryscript-project/jerryscript/commit/ba4e3a402fce722ea752243c60c009307438d97f .. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -29563,7 +29563,7 @@ CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...) NOT-FOR-US: Mods for HESK CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...) - - iotjs 1.0+715-1 (bug #972228) + - iotjs <not-affected> (Vulnerable code not present; cf. #972228) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79c897b019c5bedc17fafa0b2c76c922e5e5e532 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79c897b019c5bedc17fafa0b2c76c922e5e5e532 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
