diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-06-06 13:00:25 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-06-06 13:00:25 +0200 |
commit | 8a3b01fdbadc71369b7a915bbaf0b265394a6d2d (patch) | |
tree | dd30e3beb4f30f682e2c657ef104ab128eb0e560 /data | |
parent | 2f1fee254a886c8d76980c4f5902debd9180d54b (diff) |
nodejs DSA
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 4 | ||||
-rw-r--r-- | data/DSA/list | 3 | ||||
-rw-r--r-- | data/dsa-needed.txt | 2 |
3 files changed, 4 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list index 742a99918a..c4ee0814f8 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15075,9 +15075,7 @@ CVE-2020-8173 RESERVED CVE-2020-8172 [TLS session reuse can lead to host certificate verification bypass] RESERVED - - nodejs 10.21.0~dfsg-1 (bug #962145) - [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support) - [jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support) + - nodejs <not-affected> (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172 CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS diff --git a/data/DSA/list b/data/DSA/list index 1b45643f3c..15fce1f738 100644 --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[06 Jun 2020] DSA-4696-1 nodejs - security update + {CVE-2020-8174 CVE-2020-11080} + [buster] - nodejs 10.21.0~dfsg-1~deb10u1 [03 Jun 2020] DSA-4695-1 firefox-esr - security update {CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410} [stretch] - firefox-esr 68.9.0esr-1~deb9u1 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 10ec8a451f..5606b3af13 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -30,8 +30,6 @@ linux (carnil) -- mercurial/oldstable -- -nodejs (jmm) --- nss/oldstable (jmm) Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 -- |