From 601ee8508a0b22e09706a7c7dc7b7f00fe142a6d Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 18 Sep 2020 14:10:34 +0200
Subject: refer to libuv1 for CVE-2020-8252

---
 data/CVE/list.2020 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 6611253513..b1bf751f70 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -38750,8 +38750,9 @@ CVE-2020-8253
 	RESERVED
 CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
 	RESERVED
-	- nodejs 12.18.4~dfsg-1
+	- libuv1 1.39.0-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
+	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
 CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
 	RESERVED
 	- nodejs <not-affected> (Only affects 14.x series)
-- 
cgit v1.2.3