[Pkg-javascript-devel] Bug#877660: CVE-2017-15010

2017-10-03 Thread Moritz Muehlenhoff
Package: node-tough-cookie Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010 Cheers, Moritz -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org

[Pkg-javascript-devel] Bug#868162: July 11th Security release

2017-07-12 Thread Moritz Muehlenhoff
Source: nodejs Severity: grave Tags: security Hi, please see https://nodejs.org/en/blog/release/v4.8.4/ and https://nodejs.org/en/blog/release/v6.11.1/ The hash seed vulnerability doesn't have a CVE ID yet and the c-ares one is being addressed via the sec:c-ares package. Cheers, Moritz

[Pkg-javascript-devel] Bug#773671: Unfixed old CVEs should really be RC

2017-04-03 Thread Moritz Muehlenhoff
On Tue, Feb 28, 2017 at 02:28:28PM +0200, Adrian Bunk wrote: > Control: severity -1 serious > > Dozens of unfixed CVEs, the oldest unfixed CVEs will be more than > 4 years old when stretch gets released. > > In the current state the package is really too buggy for shipping > in a new stable

[Pkg-javascript-devel] Bug#839714: CVE-2016-5325 / CVE-2016-7099

2016-10-04 Thread Moritz Muehlenhoff
Source: nodejs Severity: grave Tags: security Please see https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ Cheers, Moritz

[Pkg-javascript-devel] Nodejs in stretch

2016-07-12 Thread Moritz Muehlenhoff
On Tue, Apr 26, 2016 at 11:32:54PM +0200, Jérémy Lal wrote: > Update: > https://nodejs.org/en/blog/announcements/v6-release > """ > In October 2016, Node.js v6 will become the LTS release and the LTS release > line (version 4) > will go under maintenance mode in April 2017, meaning only critical

[Pkg-javascript-devel] Bug#775843: node-serve-static: CVE-2015-1164

2015-01-20 Thread Moritz Muehlenhoff
Package: node-serve-static Severity: grave Tags: security Justification: user security hole Hi, please see https://nodesecurity.io/advisories/serve-static-open-redirect Cheers, Moritz

[Pkg-javascript-devel] Bug#730104: yui: CVE-2013-6780

2013-11-21 Thread Moritz Muehlenhoff
Package: yui Severity: grave Tags: security Justification: user security hole This was assigned CVE-2013-6780: https://yuilibrary.com/support/2013-vulnerability/ Given that upstream states | YUI 2 is an end-of-lifed project and is no longer supported. All YUI 2 .swf files | have been

[Pkg-javascript-devel] Bug#702261: libv8: CVE-2012-5153 CVE-2013-0836

2013-03-04 Thread Moritz Muehlenhoff
Package: libv8 Severity: grave Tags: security Justification: user security hole The previous Chrome release fixed two security issues in libv8: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0836 It's probably best to contact

[Pkg-javascript-devel] Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128

2013-01-02 Thread Moritz Muehlenhoff
On Sun, Dec 16, 2012 at 11:08:34PM +0100, Jérémy Lal wrote: On 16/12/2012 23:00, Allison Randal wrote: The details on these two CVE's are 403 for me: CVE-2012-5120 https://code.google.com/p/chromium/issues/detail?id=150729 CVE-2012-5128

[Pkg-javascript-devel] Bug#694808: libv8: CVE-2012-5120 CVE-2012-5128

2012-11-30 Thread Moritz Muehlenhoff
Package: libv8 Severity: grave Tags: security Justification: user security hole Please see http://googlechromereleases.blogspot.de/2012/11/stable-channel-release-and-beta-channel.html Cheers, Moritz

[Pkg-javascript-devel] Bug#692434: yui: CVE-2012-5475 - YUI 2.x security issue regarding embedded SWF files

2012-11-07 Thread Moritz Muehlenhoff
On Tue, Nov 06, 2012 at 10:15:51AM +0100, Luciano Bello wrote: Package: yui Severity: grave Tags: security Justification: user security hole Hi, please see: http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ Are vulnerable versions in Debian?