Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1

To: Xavier Guimard <yadd@debian.org>, 954398@bugs.debian.org
Subject: Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 28 Mar 2020 12:44:08 +0000
Message-id: <[🔎] 50c3c81bb4d355c375b304da69bafd72a53aa511.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 954398@bugs.debian.org
In-reply-to: <[🔎] 158477934485.4060413.16287113308644770.reportbug@deb007.xnr.fr>
References: <[🔎] 158477934485.4060413.16287113308644770.reportbug@deb007.xnr.fr> <[🔎] 158477934485.4060413.16287113308644770.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Sat, 2020-03-21 at 09:29 +0100, Xavier Guimard wrote:
> node-dot ≤ 1.1.2 is vulnerable to code execution after prototype
> pollution. I imported upstream fix and wrote a basic test to verify
> that CVE is really fixed.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Bug#954404: buster-pu: package lwip/2.0.3-3
Next by Date: Processed: Re: Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1
Previous by thread: Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1
Next by thread: Processed: Re: Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1
Index(es):
- Date
- Thread