package: src:nodejs
severity: important
tags: security

Hi,

the following vulnerability was published for nodejs.

CVE-2014-7192[0],[1]:
| Eval injection vulnerability in index.js in the syntax-error package
| before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application
| Developer and other products, allows remote attackers to execute
| arbitrary code via a crafted file.

The advisories seem to indicate that this is fixed in the development
version 0.11, but I haven't checked that.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-7192
[1] https://nodesecurity.io/advisories/syntax-error-potential-script-injection

Please adjust the affected versions in the BTS as needed.

_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to