Le samedi 20 décembre 2014 à 22:07 -0500, Michael Gilbert a écrit : > package: src:nodejs > CVE-2014-7192[0],[1]: > | Eval injection vulnerability in index.js in the syntax-error package > | before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application > | Developer and other products, allows remote attackers to execute > | arbitrary code via a crafted file.
This doesn't affect nodejs, but the "syntax-error" module, a dependency of browserify - both not packaged in debian. Cannot reassign, then. Maybe close ? Jérémy. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org