[Pkg-javascript-devel] Bug#932500: Bug#932500: vulnerability: prototype pollution
Xavier
yadd at debian.org
Sat Jul 20 07:29:45 BST 2019
Le 20/07/2019 à 06:32, Paolo Greppi a écrit :
> Package: node-mixin-deep
> Version: 1.1.3-3
> Severity: important
>
> Dear Maintainer,
>
> node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:
> https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
> https://github.com/jonschlinkert/mixin-deep/issues/6
>
> Please upgrade to either 1.3.2 or 2.0.1.
>
> Thanks, Paolo
Looking at upstream issue comment, this issue has been already reported
by DSA and fixed (#898315, CVE-2018-3719)
See
https://salsa.debian.org/js-team/node-mixin-deep/blob/master/debian/patches/CVE-2018-3719.diff
More information about the Pkg-javascript-devel
mailing list