[Pkg-javascript-devel] Processed: tagging 926670

2019-04-08 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 926670 + upstream fixed-upstream Bug #926670 [src:node-xterm] CVE-2019-0542 Added tag(s) fixed-upstream and upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 926670:

[Pkg-javascript-devel] Bug#926670: CVE-2019-0542

2019-04-08 Thread Moritz Muehlenhoff
Source: node-xterm Severity: grave Tags: security Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0542 Cheers, Moritz -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net

[Pkg-javascript-devel] Bug#926616: Fwd: Bug#926650 closed by Ivo De Decker (unblock node-deep-extend)

2019-04-08 Thread Xavier
node-deep-extend 0.4.1-2 is unblocked Message transféré Sujet : Bug#926650 closed by Ivo De Decker (unblock node-deep-extend) Date : Mon, 08 Apr 2019 14:36:04 + De : Debian Bug Tracking System Répondre à : 926...@bugs.debian.org Pour : Xavier Guimard This is an

[Pkg-javascript-devel] Bug#926616: marked as done (CVE-2018-3750: Prototype Pollution)

2019-04-08 Thread Debian Bug Tracking System
Your message dated Mon, 08 Apr 2019 13:18:48 + with message-id and subject line Bug#926616: fixed in node-deep-extend 0.4.1-2 has caused the Debian Bug report #926616, regarding CVE-2018-3750: Prototype Pollution to be marked as done. This means that you claim that the problem has been dealt

[Pkg-javascript-devel] Processed: Bug #926616 in node-deep-extend marked as pending

2019-04-08 Thread Debian Bug Tracking System
Processing control commands: > tag -1 pending Bug #926616 [node-deep-extend] CVE-2018-3750: Prototype Pollution Added tag(s) pending. -- 926616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --

[Pkg-javascript-devel] Bug#926650: unblock: node-deep-extend/0.4.1-2

2019-04-08 Thread Xavier Guimard
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package node-deep-extend Hi all, node-deep-extend is vulnerable to CVE-2018-3750 [1]. This vulnerability has been tagged as unimportant, however patch is simple and package

[Pkg-javascript-devel] Processed: tagging 926616

2019-04-08 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 926616 + upstream Bug #926616 [node-deep-extend] CVE-2018-3750: Prototype Pollution Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 926616:

[Pkg-javascript-devel] Bug#926616: Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Paolo Greppi
Quick research: https://www.npmjs.com/advisories/612 node-deep-extend popcon = ~1900 apt-cache rdepends node-deep-extend node-deep-extend Reverse Depends: node-rc the watch file for node-rc is not picking up new releases because upstream uses the commit message to tag them instead of a

[Pkg-javascript-devel] Processed: Re: Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + security Bug #926616 [node-deep-extend] CVE-2018-3750: Prototype Pollution Added tag(s) security. -- 926616: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --

[Pkg-javascript-devel] Bug#926616: Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Xavier
Control: tags -1 + security Le 08/04/2019 à 00:22, Jeff Cliff a écrit : > Package: node-deep-extend > Version: 0.4.1-1 > Severity: important > > Dear Maintainer, > > As per the ubuntu bug report: > > from https://snyk.io/vuln/npm:deep-extend:20180409 : > > deep-extend "all the listed modules