Bug#991632: buster-pu: package node-jszip/3.1.4+dfsg-1+deb10u1
Control: tags -1 - moreinfo
Le 30/09/2021 à 21:45, Adam D. Barratt a écrit :
> Control: tags -1 + moreinfo
>
> On Thu, 2021-07-29 at 13:07 +0200, Yadd wrote:
>> node-jszip is vulnerable to a prototype pollution (CVE-2021-23413)
>>
>
> + * Fix a null prototype object for this.files (Closes: CVE-2021-
> 23413)
>
> As far as I can tell, you're fixing an issue by *using* a null
> prototype object, whereas the changelog entry above implies that you're
> removing such a use.
>
> Regards,
Sorry, fixed and pushed (commit was "fix: use a null...").
Cheers,
Yadd
Reply to: