Control: tags -1 + confirmed On Thu, 2019-09-26 at 20:40 +0200, Xavier wrote: > I forgot debdiff, sorry > > Le 26/09/2019 à 20:11, Xavier Guimard a écrit : > > Package: release.debian.org > > Severity: normal > > Tags: buster > > User: release.debian....@packages.debian.org > > Usertags: pu > > > > Hi, > > > > node-set-value is vulnerable to prototype pollution (#941189, > > CVE-2019-10747). I imported and adapted upstream patch and added a > > test > > inspired from CVE report [1]. I think this could be safely added to > > next > > buster point release. > >
Please go ahead. Regards, Adam
