Bug#935970: stretch-pu: package node-fstream/1.0.10-1+deb9u1

To: Xavier Guimard <yadd@debian.org>, 935970@bugs.debian.org
Subject: Bug#935970: stretch-pu: package node-fstream/1.0.10-1+deb9u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 01 Sep 2019 11:38:25 +0100
Message-id: <[🔎] fe07810a68334ef7914273de242928d95fd80ebc.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 935970@bugs.debian.org
In-reply-to: <156700400348.2475.18372744879564428319.reportbug@mac-debian.lemonldap-ng.org>
References: <156700400348.2475.18372744879564428319.reportbug@mac-debian.lemonldap-ng.org> <156700400348.2475.18372744879564428319.reportbug@mac-debian.lemonldap-ng.org>

Control: tags -1 + moreinfo

On Wed, 2019-08-28 at 16:53 +0200, Xavier Guimard wrote:
> node-fstream is vulnerable to Arbitrary File Overwrite (#931408,
> CVE-2019-13173). This little patch fixes the problem.
> 

stretch and buster currently have the same version of node-fstream, so
this would want fixing in buster first to avoid giving us version skew.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#935970: stretch-pu: package node-fstream/1.0.10-1+deb9u1
  - From: Xavier <yadd@debian.org>

Prev by Date: Processed: Re: Bug#939036: buster-pu: package libvirt/5.0.0-4+deb10u1
Next by Date: Processed: Re: Bug#935970: stretch-pu: package node-fstream/1.0.10-1+deb9u1
Previous by thread: Processed: Re: Bug#939036: buster-pu: package libvirt/5.0.0-4+deb10u1
Next by thread: Processed: Re: Bug#935970: stretch-pu: package node-fstream/1.0.10-1+deb9u1
Index(es):
- Date
- Thread