Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4aff5c3b by Moritz Muehlenhoff at 2018-08-29T14:56:13Z
add nodejs upstream fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9668,6 +9668,7 @@ CVE-2018-12115 (In all versions of Node.js prior to
6.14.4, 8.11.4 and 10.9.0 wh
- nodejs <unfixed> (unimportant)
NOTE:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
NOTE: Nodejs not covered by security support
+ NOTE: https://github.com/nodejs/node/commit/fc14d812b7
CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to
add user ...)
NOT-FOR-US: Maccms
CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer
overflow ...)
@@ -23048,6 +23049,7 @@ CVE-2018-7166 (In all versions of Node.js 10 prior to
10.9.0, an argument proces
[experimental] - nodejs <unfixed>
- nodejs <not-affected> (Only affects 10.x and later)
NOTE:
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
+ NOTE:
https://github.com/nodejs/node/commit/40a7beeddac9b9ec9ef5b49157daaf8470648b08
CVE-2018-7165
RESERVED
CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and
the ...)
@@ -23055,6 +23057,7 @@ CVE-2018-7164 (Node.js versions 9.7.0 and later and
10.x are vulnerable and the
[stretch] - nodejs <not-affected> (Only affects >= 9.x)
[jessie] - nodejs <not-affected> (Only affects >= 9.x)
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#memory-exhaustion-dos-on-v9-x-cve-2018-7164
+ NOTE: https://github.com/nodejs/node/commit/3217e8e66fa81e
CVE-2018-7163
RESERVED
CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the
severity ...)
@@ -23062,11 +23065,13 @@ CVE-2018-7162 (All versions of Node.js 9.x and 10.x
are vulnerable and the sever
[stretch] - nodejs <not-affected> (Only affects >= 8.x)
[jessie] - nodejs <not-affected> (Only affects >= 8.x)
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-tls-cve-2018-7162
+ NOTE: https://github.com/nodejs/node/commit/0cb3325f1
CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and
the ...)
- nodejs <unfixed> (unimportant)
[stretch] - nodejs <not-affected> (Only affects >= 8.x)
[jessie] - nodejs <not-affected> (Only affects >= 8.x)
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-http-2-cve-2018-7161
+ NOTE: https://github.com/nodejs/node/commit/8bf213dbdc7e
CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS
...)
- nodejs <unfixed> (unimportant)
[stretch] - nodejs <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4aff5c3b290fcddfbd536224a1c74efa87b56c63
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4aff5c3b290fcddfbd536224a1c74efa87b56c63
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
