[Pkg-javascript-devel] Bug#927716: Bug#927716: Bug#927716: CVE-2018-1109
Xavier
yadd at debian.org
Thu Apr 25 12:41:20 BST 2019
Control: tags -1 + moreinfo
Le 22/04/2019 à 07:38, Xavier a écrit :
> Le 21/04/2019 à 22:33, Moritz Muehlenhoff a écrit :
>> Package: node-braces
>> Severity: important
>> Tags: security
>>
>> Please see https://snyk.io/vuln/npm:braces:20180219
>>
>> Patch:
>> https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
>>
>> Cheers,
>> Moritz
>
> Buster version (2.0.2) seems not easily to patch.
It seems that the vulnerable regexp doesn't exist in node-braces 2.0.2.
I can't find any exploit to verify this. Could someone help here ?
More information about the Pkg-javascript-devel
mailing list