From 8a3b01fdbadc71369b7a915bbaf0b265394a6d2d Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Sat, 6 Jun 2020 13:00:25 +0200 Subject: nodejs DSA --- data/CVE/list | 4 +--- data/DSA/list | 3 +++ data/dsa-needed.txt | 2 -- 3 files changed, 4 insertions(+), 5 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 742a99918a..c4ee0814f8 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15075,9 +15075,7 @@ CVE-2020-8173 RESERVED CVE-2020-8172 [TLS session reuse can lead to host certificate verification bypass] RESERVED - - nodejs 10.21.0~dfsg-1 (bug #962145) - [stretch] - nodejs (Nodejs in stretch not covered by security support) - [jessie] - nodejs (Nodejs in jessie not covered by security support) + - nodejs (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172 CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS diff --git a/data/DSA/list b/data/DSA/list index 1b45643f3c..15fce1f738 100644 --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[06 Jun 2020] DSA-4696-1 nodejs - security update + {CVE-2020-8174 CVE-2020-11080} + [buster] - nodejs 10.21.0~dfsg-1~deb10u1 [03 Jun 2020] DSA-4695-1 firefox-esr - security update {CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410} [stretch] - firefox-esr 68.9.0esr-1~deb9u1 diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 10ec8a451f..5606b3af13 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -30,8 +30,6 @@ linux (carnil) -- mercurial/oldstable -- -nodejs (jmm) --- nss/oldstable (jmm) Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508 -- -- cgit v1.2.3