Bug#991524: unblock: node-jszip/3.5.0+dfsg-2

[Yadd <yadd@debian.org>]

Le 26/07/2021 à 22:01, Yadd a écrit :
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package node-jszip
> 
> [ Reason ]
> node-jszip is vulnerable to a prototype pollution: rafting a new zip file
> with filenames set to Object prototype values (e.g __proto__, toString,
> etc) results in a returned object with a modified prototype instance.

Ref: CVE-2021-23413