[Pkg-javascript-devel] Bug#932500: Bug#932500: vulnerability: prototype pollution
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 20 21:23:34 BST 2019
Hi Xavier,
On Sat, Jul 20, 2019 at 05:44:05PM +0200, Xavier wrote:
> Le 20/07/2019 à 06:32, Paolo Greppi a écrit :
> > Package: node-mixin-deep
> > Version: 1.1.3-3
> > Severity: important
> >
> > Dear Maintainer,
> >
> > node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:
> > https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
> > https://github.com/jonschlinkert/mixin-deep/issues/6
> >
> > Please upgrade to either 1.3.2 or 2.0.1.
> >
> > Thanks, Paolo
>
> Hello,
>
> here is a proposed fix.
Thanks for preparing a debdiff. Can you fix this via an upcoming point
release for buster?
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list