Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1
Control: tags -1 + confirmed
On Thu, 2019-04-18 at 20:44 +0200, Xavier Guimard wrote:
> I updated node-superagent for Buster. Now I would like to propose the
> security fix for stretch. This fixes CVE-2017-16129 (ZIP bomb
> attacks).
++ if (buffer) {
++ // Protectiona against zip bombs and other nuisance
The indentation on that first line looks a bit odd, and I assume
"protectiona" is either typoed or untranslated.
Please go ahead, bearing in mind that the window for getting fixes into
9.9 closes during this weekend.
Regards,
Adam
Reply to: