Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
adce843e by Salvatore Bonaccorso at 2018-06-05T21:21:32+02:00
Process NFUs (various nodejs modules)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21610,13 +21610,13 @@ CVE-2018-3748
CVE-2018-3747
RESERVED
CVE-2018-3746 (The pdfinfojs NPM module versions <= 0.3.6 has a command
injection ...)
- TODO: check
+ NOT-FOR-US: pdfinfojs nodejs module
CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when
number is ...)
NOT-FOR-US: nodejs atob module
CVE-2018-3744 (The html-pages node module contains a path traversal
vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: html-pages nodejs module
CVE-2018-3743 (Open redirect in hekto <=0.2.3 when target domain name is
used as html ...)
- TODO: check
+ NOT-FOR-US: hekto nodejs module
CVE-2018-3742
REJECTED
CVE-2018-3741 (There is a possible XSS vulnerability in all
rails-html-sanitizer gem ...)
@@ -21640,9 +21640,9 @@ CVE-2018-3736
CVE-2018-3735
RESERVED
CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability
due to ...)
- TODO: check
+ NOT-FOR-US: stattic nodejs module
CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path
...)
- TODO: check
+ NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3732
RESERVED
CVE-2018-3731
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/adce843ee8d3783d6730c2e09aede088b885daf9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/adce843ee8d3783d6730c2e09aede088b885daf9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
