On 07/10/2013 12:11 PM, Jérémy Lal wrote:
> The security issue is fixed there:
> https://github.com/isaacs/npm/commit/f4d31693
> 
> This will eventually come to the npm Debian package.

Thanks for the followup on this, Jérémy!

I confess I'm kind of amazed that node doesn't have any primitive like
mkstemp(3), or if it does, that npm isn't using such a primitive.

Has a CVE been requested or assigned for this yet?  I'd be happy to make
the request if you think that would be useful.

regards,

        --dkg
