Bug#941683: buster-pu: package node-yarnpkg/1.13.0-1+deb10u1

To: Xavier Guimard <yadd@debian.org>, 941683@bugs.debian.org
Subject: Bug#941683: buster-pu: package node-yarnpkg/1.13.0-1+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 08 Nov 2019 21:00:25 +0000
Message-id: <[🔎] 9f52fd1b77d8c7568400f27ccfde7000fe620bde.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 941683@bugs.debian.org
In-reply-to: <157012906998.14868.10794233492131779982.reportbug@deb007.xnr.fr>
References: <157012906998.14868.10794233492131779982.reportbug@deb007.xnr.fr> <157012906998.14868.10794233492131779982.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Thu, 2019-10-03 at 20:57 +0200, Xavier Guimard wrote:
> node-yarnpkg is vulnerable: it exports auth data in http requests
> (#941354, CVE-2019-5448). This patch imports upstream fix.

Please go ahead; thanks.

Regards,

Adam

Reply to:

Prev by Date: Bug#941365: buster-pu: package libimobiledevice/1.2.1~git20181030.92c5462-2
Next by Date: Processed: Re: Bug#941683: buster-pu: package node-yarnpkg/1.13.0-1+deb10u1
Previous by thread: Bug#941365: buster-pu: package libimobiledevice/1.2.1~git20181030.92c5462-2
Next by thread: Processed: Re: Bug#941683: buster-pu: package node-yarnpkg/1.13.0-1+deb10u1
Index(es):
- Date
- Thread