Processed: Re: Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1

Processing control commands: > tags -1 + confirmed Bug #954398 [release.debian.org] buster-pu: package node-dot/1.1.1-1+deb10u1 Added tag(s) confirmed. -- 954398: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954398 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1

Control: tags -1 + confirmed On Sat, 2020-03-21 at 09:29 +0100, Xavier Guimard wrote: > node-dot ≤ 1.1.2 is vulnerable to code execution after prototype > pollution. I imported upstream fix and wrote a basic test to verify > that CVE is really fixed. > Please go ahead. Regards, Adam

Bug#954398: buster-pu: package node-dot/1.1.1-1+deb10u1

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, node-dot ≤ 1.1.2 is vulnerable to code execution after prototype pollution. I imported upstream fix and wrote a basic test to verify that CVE is really fixed. Cheers, Xavier