Author: carnil
Date: 2016-06-02 06:13:35 +0000 (Thu, 02 Jun 2016)
New Revision: 42236
Modified:
data/CVE/list
Log:
CVE-2015-8857 assigned for uglifyjs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-02 06:12:17 UTC (rev 42235)
+++ data/CVE/list 2016-06-02 06:13:35 UTC (rev 42236)
@@ -3171,8 +3171,6 @@
RESERVED
- uglifyjs <unfixed> (unimportant)
NOTE: libv8 is not covered by security support
-CVE-2015-8857
- RESERVED
CVE-2015-8854 [marked: regular expression denial of service]
RESERVED
- node-marked <unfixed> (unimportant)
@@ -7918,7 +7916,7 @@
NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver
J2EE ...)
NOT-FOR-US: SAP
-CVE-2015-XXXX [incorrect handling of non-boolean comparisons during
minification]
+CVE-2015-8857 [incorrect handling of non-boolean comparisons during
minification]
- uglifyjs <unfixed> (unimportant)
NOTE: fixed in 2.4.24
NOTE: https://zyan.scripts.mit.edu/blog/backdooring-js/
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
