Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9bf419ad by Moritz Muehlenhoff at 2020-11-18T14:07:45+01:00
new node-y18n, node-nodemailer issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53279,9 +53279,13 @@ CVE-2020-7776
CVE-2020-7775
RESERVED
CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const
y18n = ...)
- TODO: check
+ - node-y18n <unfixed>
+ [buster] - node-y18n <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887
+ NOTE: https://github.com/yargs/y18n/issues/96
+ NOTE: https://github.com/yargs/y18n/pull/108
CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1.
It is p ...)
- TODO: check
+ NOT-FOR-US: Node markdown-it-highlightjs
CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
NOT-FOR-US: Node doc-path
CVE-2020-7771
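Review bot: The new CVE-2020-7774 entry marks node-y18n as <unfixed> but does not say which of the three linked references carries the fix, even though the description already names a fixed upstream release ("before 5.0.5"). Consider marking the pull request NOTE as the fix, or adding a NOTE with the fixed upstream version, so that whoever later replaces <unfixed> with a package version does not have to re-read the issue thread. The "[buster] - node-y18n <no-dsa> (Minor issue)" line would also be easier to audit with a short NOTE giving the reason it is considered minor, since the description mentions a public PoC.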
@@ -53289,15 +53293,17 @@ CVE-2020-7771
CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds
in the ...)
NOT-FOR-US: Node json8
CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of
crafted reci ...)
- TODO: check
+ - node-nodemailer 6.4.16-1
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
+ NOTE:
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js
before 1.1.8 ...)
- TODO: check
+ NOT-FOR-US: Node grpc
CVE-2020-7767 (All versions of package express-validators are vulnerable to
Regular E ...)
- TODO: check
+ NOT-FOR-US: Node express-validators
CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs
in the ...)
- TODO: check
+ NOT-FOR-US: Node json-ptr
CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Node firebase/util
CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0
and befo ...)
NOT-FOR-US: Node find-my-way
CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...)
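Review bot: On CVE-2020-7768, "NOT-FOR-US: Node grpc" closes an entry whose description names two packages ("grpc before 1.24.4" and "@grpc/grpc-js before 1.1.8"), and "grpc" is a generic enough name that it is worth confirming no source package in the archive builds or bundles the Node binding before it is dismissed. If that check was done, a one-line NOTE recording it would prevent the question coming up again. Smaller points in the same hunk: "Node firebase/util" drops the "@" scope that the description uses ("@firebase/util"), which makes the entry harder to find by package name, and the second NOTE under CVE-2020-7769 appears here with its URL on a separate line, so please confirm it is a single line in data/CVE/list.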
@@ -57767,7 +57773,7 @@ CVE-2020-6021
CVE-2020-6020 (Check Point Security Management's Internal CA web management
before Ju ...)
NOT-FOR-US: Check Point
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0
improperly han ...)
- TODO: check
+ NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6018
RESERVED
CVE-2020-6017
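Review bot: The label in "NOT-FOR-US: Valve's Game Networking Sockets" copies the possessive phrasing from the CVE description, while the neighbouring entry uses a plain vendor name ("NOT-FOR-US: Check Point"). A plain form such as "Valve Game Networking Sockets" would keep NOT-FOR-US labels consistent and easier to grep when a later CVE for the same product needs the same triage.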
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bf419ad6042207774fbceee79c1f7e84ba9f328
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits