Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1
On Sat, 2020-01-25 at 20:40 +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2019-12-30 at 07:51 +0100, Xavier Guimard wrote:
> > node-handlebars is vulnearable to prototype pollution (CVE-2019-
> > 19919).
> >
>
> Please go ahead.
This apparently causes regressions in the autopkgtests of node-
markdown-it-html5-embed, which you also most recently uploaded - see
https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed&suite[]=stable&arch[]=amd64
Is this enough of an issue to not include the node-handlebars update?
Regards,
Adam
Reply to: