diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2020-09-18 14:10:34 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-09-18 14:10:34 +0200 |
| commit | 601ee8508a0b22e09706a7c7dc7b7f00fe142a6d (patch) | |
| tree | 8f2d896660b0585618b51c79b903a065dbd29129 | |
| parent | 6cfc401f4da20cb6cb7dd91370932163ea294593 (diff) | |
refer to libuv1 for CVE-2020-8252
| -rw-r--r-- | data/CVE/list.2020 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 6611253513..b1bf751f70 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -38750,8 +38750,9 @@ CVE-2020-8253 RESERVED CVE-2020-8252 [fs.realpath.native on may cause buffer overflow] RESERVED - - nodejs 12.18.4~dfsg-1 + - libuv1 1.39.0-1 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 + NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests] RESERVED - nodejs <not-affected> (Only affects 14.x series) |