author Salvatore Bonaccorso <carnil@debian.org> 2020-09-23 22:40:15 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2020-09-23 22:40:15 +0200
commit d1ce8cecd378158e220adc44b98c39aaa7fcb61e (patch)
tree 4a529a8ee1a5efcde4bee3f21271612755500f02
parent d5e7751e33d74d0fec1c8bc0f870ba3a47acf02d (diff)
Add additional reference for CVE-2020-8252
This one is not yet public, but hopefully soon, which can give additional background to the issue.
-rw-r--r-- data/CVE/2020.list 1
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 63cae552ac..13eb7bbe3e 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -39045,6 +39045,7 @@ CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before R
CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 12.18.4, an ...)
- libuv1 1.39.0-1
[stretch] - libuv1 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://hackerone.com/reports/965914
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead
NOTE: of the bundled one.
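Review bot: the NOTE added for CVE-2020-8252 links to https://hackerone.com/reports/965914, which the commit message says is not yet public, but nothing in the entry itself records that. Someone reading only 2020.list may not be able to open the report and has no way to tell whether the link is wrong or just undisclosed. Consider saying so on the NOTE line itself, for example by appending "(not yet public)", and dropping the remark once the report is disclosed. A smaller point: the new line sits above the nodejs.org advisory NOTE, so the reference that is readable today comes second; putting the public advisory first would serve readers better until the report opens.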
