Bug#969163: buster-pu: package npm/5.8.0+ds6-4+deb10u2

To: Xavier Guimard <yadd@debian.org>, 969163@bugs.debian.org
Subject: Bug#969163: buster-pu: package npm/5.8.0+ds6-4+deb10u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 30 Aug 2020 20:26:08 +0100
Message-id: <[🔎] 1dbeff982941bf9b706f8bd5f94c6c6326722e57.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 969163@bugs.debian.org
In-reply-to: <[🔎] 159861600513.2902317.3813549629028751518.reportbug@deb007.xnr.fr>
References: <[🔎] 159861600513.2902317.3813549629028751518.reportbug@deb007.xnr.fr> <[🔎] 159861600513.2902317.3813549629028751518.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Fri, 2020-08-28 at 14:00 +0200, Xavier Guimard wrote:
> npm is vulnerable to CVE-2020-15095: password in URL are stored in
> logs.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#969163: buster-pu: package npm/5.8.0+ds6-4+deb10u2
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Processed: Re: Bug#969163: buster-pu: package npm/5.8.0+ds6-4+deb10u2
Next by Date: Processed: Re: Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
Previous by thread: Processed: Re: Bug#969163: buster-pu: package npm/5.8.0+ds6-4+deb10u2
Next by thread: Bug#969168: RM: ruby-has-scope/0.7.2-2 ruby-inherited-resources/1.11.0-4
Index(es):
- Date
- Thread