refer to libuv1 for CVE-2020-8252

author: Moritz Muehlenhoff <jmm@debian.org> 2020-09-18 14:10:34 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2020-09-18 14:10:34 +0200
commit: 1aaba1e17e07908cfa0cdee2f463dd320e4fc6aa (patch)
tree: d35290f8d904bcfcfa2491654f9623a6c57104ee
parent: 788acf3a12d83e3b732cbdb3e55abea17294c31c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6611253513..b1bf751f70 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -38750,8 +38750,9 @@ CVE-2020-8253
 	RESERVED
 CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
 	RESERVED
-	- nodejs 12.18.4~dfsg-1
+	- libuv1 1.39.0-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
+	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
 CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
 	RESERVED
 	- nodejs <not-affected> (Only affects 14.x series)
author	Moritz Muehlenhoff <jmm@debian.org>	2020-09-18 14:10:34 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2020-09-18 14:10:34 +0200
commit	1aaba1e17e07908cfa0cdee2f463dd320e4fc6aa (patch)
tree	d35290f8d904bcfcfa2491654f9623a6c57104ee
parent	788acf3a12d83e3b732cbdb3e55abea17294c31c (diff)