718040 – glsa 202003-48 marks nodejs-10.20.1 vulnerable

Bug 718040 - glsa 202003-48 marks nodejs-10.20.1 vulnerable

Summary: glsa 202003-48 marks nodejs-10.20.1 vulnerable

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-04-18 11:28 UTC by Tomáš Mózes
Modified:	2020-10-18 07:13 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tomáš Mózes 2020-04-18 11:28:54 UTC

Version 10.20.1 is shown as vulnerable:

202003-48 [N] [local, remote] Node.js: Multiple vulnerabilities ( net-libs/nodejs-10.20.1 )

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2020-10-18 01:56:44 UTC

Package was marked as vulnerable because have no way to target multiple branches (package needs a at least subslots). There is not much we can do here: We could only ditch the GLSA which will cause that people only updating based on GLSA to not get the NodeJS upgrade.

But given that we are now (6 months after the report) at >=12.18 stable, I would keep GLSA and close bug as obsolete.