-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2368-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb September 09, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : grunt Version : 1.0.1-5+deb9u1 CVE ID : CVE-2020-7729 Debian Bug : #969668 It was discovered that there was a arbitrary code execution vulnerability in grunt, a Javascript task runner. This was possible due to the unsafe loading of YAML documents. For Debian 9 "Stretch", this problem has been fixed in version 1.0.1-5+deb9u1. We recommend that you upgrade your grunt packages. For the detailed security status of grunt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grunt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9Yvf0ACgkQHpU+J9Qx HlhuRxAAngB5MesozAFPRSRAzduWQrUbH3JBnnxWLWICIbwNwfSxdI0d+d/9x0l8 fGCVW6VEtmZx6TDlu3/UzEHkk5qsH6LD7uqk2hfSJkSupl+tuznvi2IxqB/eBhWS 1w56WXcrpFmHPc4SyhifgSFBHGJmpFQizqNHKcgfSsc4Yqy0ObXb4qpw0bcE5VLC je0xvDpc2/I0+/hr+5eTNGn0jWi0M/4C/W3cfJojau8Iqlhpw3vWv2+FAMsQMW6d tt1vn3bN56+SvBdinOKKfxpxiq7pksCRoykb/dufg15itSfp0tKJdnxpM+uTr+UY FcZJ0vIU5AV9/mm3eCNc6ZFGWSnFKc2Zjei1tyAbFvssGVo0BppUuSl0dJiI6bG+ sVBi1sVxYzgDY8pmxMq90Ch2BN+TWm5gVpg+rAM1UTKNF7gIkr1aJYlzIC6ln9Dw 3Cf42wh/HL72jvufqoHBgJpqb2av51vCOYwD+Fgv8zLrhXQz5X6iIc/3vgkkvi1F czubPLkggKId7n3C3a17OPtTeViLDtc112OAVpmw7N+Ha/iykiNnDdSyio9BA0oC +l/XVyibph22FTPC0o6pLIjGNiCNDzIBnl6ufhSQ314hp6lX5sCoMi7YcQbOjaNR 7l89hAVSTRWFlNA1lqf15UmY911IrqhHeb7AsgbsKCDO4LGjjtM= =8eDm -----END PGP SIGNATURE-----
