Bug#941227: [Pkg-javascript-devel] Bug#941227: buster-pu: package node-set-value/0.4.0-1+deb10u1
Control: tags -1 + confirmed
On Thu, 2019-09-26 at 20:40 +0200, Xavier wrote:
> I forgot debdiff, sorry
>
> On 26/09/2019 at 20:11, Xavier Guimard wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: buster
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> >
> > Hi,
> >
> > node-set-value is vulnerable to prototype pollution (#941189,
> > CVE-2019-10747). I imported and adapted upstream patch and added a test
> > inspired from CVE report [1]. I think this could be safely added to next
> > buster point release.
> >
Please go ahead.
Regards,
Adam