[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1

Le 07/02/2020 à 20:16, Adam D. Barratt a écrit :
> On Sat, 2020-01-25 at 20:40 +0000, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>>
>> On Mon, 2019-12-30 at 07:51 +0100, Xavier Guimard wrote:
>>> node-handlebars is vulnearable to prototype pollution (CVE-2019-
>>> 19919).
>>>
>>
>> Please go ahead.
> 
> This apparently causes regressions in the autopkgtests of node-
> markdown-it-html5-embed, which you also most recently uploaded - see 
> https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed&suite[]=stable&arch[]=amd64
> 
> Is this enough of an issue to not include the node-handlebars update?
> 
> Regards,
> 
> Adam

Hi,

then please defer node-handlebars update until I understand what happens.

Cheers,
Xavier
Reply to: