diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-23 22:40:15 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-23 22:40:15 +0200 |
commit | d1ce8cecd378158e220adc44b98c39aaa7fcb61e (patch) | |
tree | 4a529a8ee1a5efcde4bee3f21271612755500f02 | |
parent | d5e7751e33d74d0fec1c8bc0f870ba3a47acf02d (diff) |
Add additional reference for CVE-2020-8252
This one is not yet public, but hopefully soon which can give additional
background to the issue.
-rw-r--r-- | data/CVE/2020.list | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 63cae552ac..13eb7bbe3e 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -39045,6 +39045,7 @@ CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before R CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) - libuv1 1.39.0-1 [stretch] - libuv1 <not-affected> (Vulnerable code introduced later) + NOTE: https://hackerone.com/reports/965914 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead NOTE: of the bundled one. |