new nodejs issues

author: Moritz Muehlenhoff <jmm@debian.org> 2021-01-05 09:07:33 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-01-05 09:07:33 +0100
commit: c01d4a227209f59c1d28b89aceb99bad989c9bc8 (patch)
tree: 153b58adb774b42fb0a2f12ad99060cce72b0e02 /data
parent: 584910c5d0eb9bc398170559e38a2fc325a54df7 (diff)
2 files changed, 8 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 39fc410798..d1d3afd3aa 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -62503,8 +62503,10 @@ CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS be
 	NOT-FOR-US: Backblaze
 CVE-2020-8288
 	RESERVED
-CVE-2020-8287
+CVE-2020-8287 [nodejs: HTTP Request Smuggling]
 	RESERVED
+	- nodejs <unfixed>
+	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
 CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
 	{DLA-2500-1}
 	- curl 7.74.0-1 (bug #977161)
@@ -62562,8 +62564,10 @@ CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 a
 	NOT-FOR-US: UniFi Protect controller
 CVE-2020-8266
 	RESERVED
-CVE-2020-8265
+CVE-2020-8265 [nodejs: use-after-free in TLSWrap]
 	RESERVED
+	- nodejs <unfixed>
+	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
 CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
 	RESERVED
 	- rails 2:6.0.3.4+dfsg-1 (bug #971988)
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index eebf524f13..c984dc147a 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -29,6 +29,8 @@ minidlna
 --
 netty
 --
+nodejs
+--
 salt (carnil)
 --
 slurm-llnl (jmm)
author	Moritz Muehlenhoff <jmm@debian.org>	2021-01-05 09:07:33 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-01-05 09:07:33 +0100
commit	c01d4a227209f59c1d28b89aceb99bad989c9bc8 (patch)
tree	153b58adb774b42fb0a2f12ad99060cce72b0e02 /data
parent	584910c5d0eb9bc398170559e38a2fc325a54df7 (diff)