[Pkg-javascript-devel] Bug#926616: Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Paolo Greppi
Quick research: https://www.npmjs.com/advisories/612 node-deep-extend popcon = ~1900 apt-cache rdepends node-deep-extend node-deep-extend Reverse Depends: node-rc the watch file for node-rc is not picking up new releases because upstream uses the commit message to tag them instead of a

[Pkg-javascript-devel] Bug#926616: Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Xavier
Control: tags -1 + security Le 08/04/2019 à 00:22, Jeff Cliff a écrit : > Package: node-deep-extend > Version: 0.4.1-1 > Severity: important > > Dear Maintainer, > > As per the ubuntu bug report: > > from https://snyk.io/vuln/npm:deep-extend:20180409 : > > deep-extend "all the listed modules