Bug#991632: buster-pu: package node-jszip/3.1.4+dfsg-1+deb10u1

To: 991632@bugs.debian.org
Subject: Bug#991632: buster-pu: package node-jszip/3.1.4+dfsg-1+deb10u1
From: Yadd <yadd@debian.org>
Date: Fri, 1 Oct 2021 10:47:06 +0200
Message-id: <[🔎] 395f1224-6fa0-d3e6-42a8-9090bacfc31a@debian.org>
Reply-to: Yadd <yadd@debian.org>, 991632@bugs.debian.org
In-reply-to: <c6fbfe9d60cf1461df7a11a552098345fb53550a.camel@adam-barratt.org.uk>
References: <162755683839.1055144.13978508853156109387.reportbug@deb007.xnr.fr> <c6fbfe9d60cf1461df7a11a552098345fb53550a.camel@adam-barratt.org.uk> <162755683839.1055144.13978508853156109387.reportbug@deb007.xnr.fr>

Control: tags -1 - moreinfo

Le 30/09/2021 à 21:45, Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
> 
> On Thu, 2021-07-29 at 13:07 +0200, Yadd wrote:
>> node-jszip is vulnerable to a prototype pollution (CVE-2021-23413)
>>
> 
> +  * Fix a null prototype object for this.files (Closes: CVE-2021-
> 23413)
> 
> As far as I can tell, you're fixing an issue by *using* a null
> prototype object, whereas the changelog entry above implies that you're
> removing such a use.
> 
> Regards,

Sorry, fixed and pushed (commit was "fix: use a null...").

Cheers,
Yadd

Reply to:

Prev by Date: NEW changes in stable-new
Next by Date: Processed: Re: Bug#991632: buster-pu: package node-jszip/3.1.4+dfsg-1+deb10u1
Previous by thread: Bug#994829: marked as done (buster-pu: package node-prismjs/1.11.0+dfsg-3+deb10u1)
Next by thread: Processed: Re: Bug#991632: buster-pu: package node-jszip/3.1.4+dfsg-1+deb10u1
Index(es):
- Date
- Thread