On 07/10/2013 12:11 PM, Jérémy Lal wrote:
> The security issue is fixed there :
> https://github.com/isaacs/npm/commit/f4d31693
> this will eventually come to npm debian package.

Thanks for the followup on this, jérémy!

I confess i'm kind of amazed that node doesn't have any primitive like
mkstemp(3), or if it does, that npm isn't using such a primitive.

Has a CVE been requested or assigned for this yet?  I'd be happy to make
the request if you think that would be useful.



Attachment: signature.asc
Description: OpenPGP digital signature

Pkg-javascript-devel mailing list

Reply via email to