Package: node-tough-cookie
Severity: grave
Tags: security
Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
Cheers,
Moritz
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
Source: nodejs
Severity: grave
Tags: security
Hi,
please see https://nodejs.org/en/blog/release/v4.8.4/
and https://nodejs.org/en/blog/release/v6.11.1/
The hash see vulnerabiliy doesn't have a CVE ID yet and the
c-ares one is being addressed via the sec:c-ares package.
Cheers,
Moritz
On Tue, Feb 28, 2017 at 02:28:28PM +0200, Adrian Bunk wrote:
> Control: severity -1 serious
>
> Dozens of unfixed CVEs, the oldest unfixed CVEs will be more than
> 4 years old when stretch gets released.
>
> In the current state the package is really too buggy for shipping
> in a new stable
Source: nodejs
Severity: grave
Tags: security
Please see
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
Cheers,
Moritz
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
On Tue, Apr 26, 2016 at 11:32:54PM +0200, Jérémy Lal wrote:
> Update:
> https://nodejs.org/en/blog/announcements/v6-release
> """
> In October 2016, Node.js v6 will become the LTS release and the LTS release
> line (version 4)
> will go under maintenance mode in April 2017, meaning only critical
Package: node-serve-static
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://nodesecurity.io/advisories/serve-static-open-redirect
Cheers,
Moritz
___
Pkg-javascript-devel mailing list
Package: yui
Severity: grave
Tags: security
Justification: user security hole
This was assigned CVE-2013-6780:
https://yuilibrary.com/support/2013-vulnerability/
Given that upstream states
| YUI 2 is an end-of-lifed project and is no longer supported. All YUI 2 .swf
files
| have been
Package: libv8
Severity: grave
Tags: security
Justification: user security hole
The previous Chrome release fixed two security issues in libv8:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0836
It's probably best to contact
On Sun, Dec 16, 2012 at 11:08:34PM +0100, Jérémy Lal wrote:
On 16/12/2012 23:00, Allison Randal wrote:
The details on these two CVE's are 403 for me:
CVE-2012-5120
https://code.google.com/p/chromium/issues/detail?id=150729
CVE-2012-5128
Package: libv8
Severity: grave
Tags: security
Justification: user security hole
Please see
http://googlechromereleases.blogspot.de/2012/11/stable-channel-release-and-beta-channel.html
Cheers,
Moritz
___
Pkg-javascript-devel mailing list
On Tue, Nov 06, 2012 at 10:15:51AM +0100, Luciano Bello wrote:
Package: yui
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see :
http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-
in-yui-2/
Are vulnerable versions in Debian?
11 matches
Mail list logo