Bug#941683: buster-pu: package node-yarnpkg/1.13.0-1+deb10u1

Discussion:

(too old to reply)

Xavier Guimard

2019-10-03 19:10:02 UTC

Package: release.debian.org
Severity: normal
Tags: buster
User: ***@packages.debian.org
Usertags: pu

Hi,

node-yarnpkg is vulnerable: it exports auth data in http requests
(#941354, CVE-2019-5448). This patch imports upstream fix.

Cheers,
Xavier

Adam D. Barratt

2019-11-08 21:10:01 UTC

Permalink

Control: tags -1 + confirmed

Post by Xavier Guimard
node-yarnpkg is vulnerable: it exports auth data in http requests
(#941354, CVE-2019-5448). This patch imports upstream fix.

Please go ahead; thanks.

Regards,

Adam

Adam D Barratt

2019-11-09 20:10:03 UTC

Permalink

package release.debian.org
tags 941683 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==============

Package: node-yarnpkg
Version: 1.13.0-1+deb10u1

Explanation: force using HTTPS for regular registries

2 Replies
1 View
Switch to linear view
Disable enhanced parsing
Permalink to this page

Thread Navigation

Xavier Guimard 2019-10-03 19:10:02 UTC

Adam D. Barratt 2019-11-08 21:10:01 UTC

Adam D Barratt 2019-11-09 20:10:03 UTC

about - legalese