[Pkg-javascript-devel] Bug#932500: Bug#932500: vulnerability: prototype pollution
Xavier
yadd at debian.org
Sat Jul 20 22:21:47 BST 2019
Le 20/07/2019 à 22:23, Salvatore Bonaccorso a écrit :
> Hi Xavier,
>
> On Sat, Jul 20, 2019 at 05:44:05PM +0200, Xavier wrote:
>> Le 20/07/2019 à 06:32, Paolo Greppi a écrit :
>>> Package: node-mixin-deep
>>> Version: 1.1.3-3
>>> Severity: important
>>>
>>> Dear Maintainer,
>>>
>>> node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:
>>> https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
>>> https://github.com/jonschlinkert/mixin-deep/issues/6
>>>
>>> Please upgrade to either 1.3.2 or 2.0.1.
>>>
>>> Thanks, Paolo
>>
>> Hello,
>>
>> here is a proposed fix.
>
> Thanks for preparing a debdiff. Can you fix this via an upcoming point
> release for buster?
>
> Regards,
> Salvatore
Of course, thanks for your work !
More information about the Pkg-javascript-devel
mailing list