Discussion:
Bug#941683: buster-pu: package node-yarnpkg/1.13.0-1+deb10u1
Add Reply
Xavier Guimard
2019-10-03 19:10:02 UTC
Reply
Permalink
Package: release.debian.org
Severity: normal
Tags: buster
User: ***@packages.debian.org
Usertags: pu

Hi,

node-yarnpkg is vulnerable: it exports auth data in http requests
(#941354, CVE-2019-5448). This patch imports upstream fix.

Cheers,
Xavier
Adam D. Barratt
2019-11-08 21:10:01 UTC
Reply
Permalink
Control: tags -1 + confirmed
Post by Xavier Guimard
node-yarnpkg is vulnerable: it exports auth data in http requests
(#941354, CVE-2019-5448). This patch imports upstream fix.
Please go ahead; thanks.

Regards,

Adam
Adam D Barratt
2019-11-09 20:10:03 UTC
Reply
Permalink
package release.debian.org
tags 941683 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==============

Package: node-yarnpkg
Version: 1.13.0-1+deb10u1

Explanation: force using HTTPS for regular registries

Loading...