[Pkg-javascript-devel] Bug#773623: nodejs: CVE-2014-7192
Jérémy Lal
kapouer at melix.org
Sun Dec 21 10:31:35 UTC 2014
Le samedi 20 décembre 2014 à 22:07 -0500, Michael Gilbert a écrit :
> package: src:nodejs
> CVE-2014-7192[0],[1]:
> | Eval injection vulnerability in index.js in the syntax-error package
> | before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application
> | Developer and other products, allows remote attackers to execute
> | arbitrary code via a crafted file.
This doesn't affect nodejs, but the "syntax-error" module, a dependency
of browserify - both not packaged in debian.
Cannot reassign, then. Maybe close ?
Jérémy.
More information about the Pkg-javascript-devel
mailing list