[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#941227: [Pkg-javascript-devel] Bug#941227: buster-pu: package node-set-value/0.4.0-1+deb10u1

Control: tags -1 + confirmed

On Thu, 2019-09-26 at 20:40 +0200, Xavier wrote:
> I forgot debdiff, sorry
> 
> Le 26/09/2019 à 20:11, Xavier Guimard a écrit :
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > 
> > Hi,
> > 
> > node-set-value is vulnerable to prototype pollution (#941189,
> > CVE-2019-10747). I imported and adapted upstream patch and added a
> > test
> > inspired from CVE report [1]. I think this could be safely added to
> > next
> > buster point release.
> > 

Please go ahead.

Regards,

Adam
Reply to: