Candidate: CVE-2015-8857
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8857
 https://nodesecurity.io/advisories/39
 http://www.openwall.com/lists/oss-security/2016/04/20/11
Description:
 The uglify-js package before 2.4.24 for Node.js does not properly account
 for non-boolean values when rewriting boolean expressions, which might
 allow attackers to bypass security mechanisms or possibly have unspecified
 other impact by leveraging improperly rewritten Javascript.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_uglifyjs:
 upstream: https://github.com/mishoo/UglifyJS2/commit/905b6011784ca60d41919ac1a499962b7c1d4b02
upstream_uglifyjs: released (2.4.24)
precise_uglifyjs: ignored (reached end-of-life)
precise/esm_uglifyjs: DNE (precise was needed)
trusty_uglifyjs: ignored (reached end-of-life)
trusty/esm_uglifyjs: DNE (trusty was needed)
vivid/stable-phone-overlay_uglifyjs: DNE
vivid/ubuntu-core_uglifyjs: DNE
wily_uglifyjs: ignored (reached end-of-life)
xenial_uglifyjs: ignored (end of standard support, was needed)
yakkety_uglifyjs: ignored (reached end-of-life)
zesty_uglifyjs: ignored (reached end-of-life)
artful_uglifyjs: ignored (reached end-of-life)
bionic_uglifyjs: not-affected (2.8.29-3)
cosmic_uglifyjs: not-affected (2.8.29-3)
disco_uglifyjs: not-affected (2.8.29-3)
eoan_uglifyjs: not-affected (2.8.29-3)
focal_uglifyjs: not-affected (2.8.29-3)
groovy_uglifyjs: not-affected (2.8.29-3)
hirsute_uglifyjs: not-affected (2.8.29-3)
impish_uglifyjs: not-affected (2.8.29-3)
jammy_uglifyjs: not-affected (2.8.29-3)
devel_uglifyjs: not-affected (2.8.29-3)