On 07/10/2013 12:11 PM, Jérémy Lal wrote:
> The security issue is fixed there :
> https://github.com/isaacs/npm/commit/f4d31693
> 
> this will eventually come to npm debian package.

Thanks for the followup on this, jérémy!

I confess i'm kind of amazed that node doesn't have any primitive like
mkstemp(3), or if it does, that npm isn't using such a primitive.

Has a CVE been requested or assigned for this yet?  I'd be happy to make
the request if you think that would be useful.

regards,

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to