diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-18 14:35:39 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-18 14:35:39 +0200 |
commit | 95cf357ea1d4bb3ec694071ddbf03e2050c3f758 (patch) | |
tree | a665bb8ed5494ed1a9bdbdc23fad89ce68d02e88 | |
parent | 601ee8508a0b22e09706a7c7dc7b7f00fe142a6d (diff) |
Add reference for commit in libuv upstream referring to CVE-2020-8252
-rw-r--r-- | data/CVE/list.2020 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index b1bf751f70..df32d87e65 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -38753,6 +38753,7 @@ CVE-2020-8252 [fs.realpath.native on may cause buffer overflow] - libuv1 1.39.0-1 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one + NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests] RESERVED - nodejs <not-affected> (Only affects 14.x series) |