Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
Le 07/02/2020 à 20:16, Adam D. Barratt a écrit :
> On Sat, 2020-01-25 at 20:40 +0000, Adam D. Barratt wrote:
>> Control: tags -1 + confirmed
>>
>> On Mon, 2019-12-30 at 07:51 +0100, Xavier Guimard wrote:
>>> node-handlebars is vulnearable to prototype pollution (CVE-2019-
>>> 19919).
>>>
>>
>> Please go ahead.
>
> This apparently causes regressions in the autopkgtests of node-
> markdown-it-html5-embed, which you also most recently uploaded - see
> https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed&suite[]=stable&arch[]=amd64
>
> Is this enough of an issue to not include the node-handlebars update?
>
> Regards,
>
> Adam
Hi,
then please defer node-handlebars update until I understand what happens.
Cheers,
Xavier
Reply to: