Control: tags -1 -pending +confirmed On Mon, 2020-05-04 at 22:02 +0200, Xavier wrote: > Le 04/05/2020 à 18:53, Mattia Rizzolo a écrit : > > Hi, > > > > let me reply before adsb has a chance ;) > > > > On Mon, May 04, 2020 at 02:24:20PM +0200, Xavier wrote: > > > Finally I found a way to fix CVE and keep autopkgtest OK > > > (node-markdown-it-html5-embed). Here is a debdiff for a future > > > point release > > > > This is good, however, > > > > > diff --git a/debian/changelog b/debian/changelog > > > index b985661..64df8db 100644 > > > --- a/debian/changelog > > > +++ b/debian/changelog > > > @@ -1,3 +1,11 @@ > > > +node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium > > > + > > > + * Team upload > > > + * Disallow calling "helperMissing" and "blockHelperMissing" > > > directly > > > + (Closes: CVE-2019-19919) > > > + > > > + -- Xavier Guimard <y...@debian.org> Mon, 04 May 2020 14:21:11 > > > +0200 > > > > By now 3:4.1.0-1+deb10u1 is already accepted in p-u, built and all, > > and > > it can't really be removed from there and replaced by a same- > > versined > > pacakge. > > > > Please prepare a +deb10u2 version, and post here a debdiff against > > the > > already uploaded +deb10u1 one. > > Is it good so ?
Sorry for the delay. Please feel free to go ahead. Regards, Adam
