On 07/10/2013 12:11 PM, Jérémy Lal wrote: > The security issue is fixed there : > https://github.com/isaacs/npm/commit/f4d31693 > > this will eventually come to npm debian package.
Thanks for the followup on this, jérémy! I confess i'm kind of amazed that node doesn't have any primitive like mkstemp(3), or if it does, that npm isn't using such a primitive. Has a CVE been requested or assigned for this yet? I'd be happy to make the request if you think that would be useful. regards, --dkg
Description: OpenPGP digital signature