Bug#960575: buster-pu: package node-dot-prop/4.1.1-1+deb10u2
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
CVE-2020-8116 fix introduced a regression that affects npm (#960283).
This little fix solves the problem.
Cheers,
Xavier
diff --git a/debian/changelog b/debian/changelog
index f7509b9..9b6d599 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-dot-prop (4.1.1-1+deb10u2) buster; urgency=medium
+
+ * Fix regression introduced in CVE-2020-8116 fix (Closes: #960283)
+
+ -- Xavier Guimard <yadd@debian.org> Thu, 14 May 2020 09:42:34 +0200
+
node-dot-prop (4.1.1-1+deb10u1) buster; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2020-8116.diff b/debian/patches/CVE-2020-8116.diff
index b7d34f1..6d11ff8 100644
--- a/debian/patches/CVE-2020-8116.diff
+++ b/debian/patches/CVE-2020-8116.diff
@@ -38,7 +38,7 @@ Last-Update: 2020-02-06
}
const pathArr = getPathSegments(path);
-+ if (pathArray.length === 0) {
++ if (pathArr.length === 0) {
+ return;
+ }
@@ -48,7 +48,7 @@ Last-Update: 2020-02-06
}
const pathArr = getPathSegments(path);
-+ if (pathArray.length === 0) {
++ if (pathArr.length === 0) {
+ return;
+ }
@@ -58,7 +58,7 @@ Last-Update: 2020-02-06
}
const pathArr = getPathSegments(path);
-+ if (pathArray.length === 0) {
++ if (pathArr.length === 0) {
+ return;
+ }
Reply to: