[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#947758: buster-pu: package node-handlebars/3:4.1.0-1+deb10u1

On Sat, 2020-01-25 at 20:40 +0000, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2019-12-30 at 07:51 +0100, Xavier Guimard wrote:
> > node-handlebars is vulnearable to prototype pollution (CVE-2019-
> > 19919).
> > 
> 
> Please go ahead.

This apparently causes regressions in the autopkgtests of node-
markdown-it-html5-embed, which you also most recently uploaded - see 
https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed&suite[]=stable&arch[]=amd64

Is this enough of an issue to not include the node-handlebars update?

Regards,

Adam
Reply to: