Hi Xavier,
On Thu, Oct 03, 2019 at 06:27:40PM +0200, Xavier wrote:
> Hi,
>
> I don't know if you want to DSA this bug. Anyway here is the patch.
I think we can have this schedule via next point releases as well.
Regards,
Salvatore
Hi,
I don't know if you want to DSA this bug. Anyway here is the patch.
Cheers,
Xavier
https://bugs.debian.org/941354
https://security-tracker.debian.org/tracker/CVE-2019-5448
diff --git a/debian/changelog b/debian/changelog
index 01fe7d70d..464a7c745 100644
--- a/debian/changelog
+++ b/debian/c
Source: node-yarnpkg
Version: 1.13.0-2
Severity: important
Tags: security upstream
Control: found -1 1.13.0-1
Hi,
The following vulnerability was published for node-yarnpkg.
CVE-2019-5448[0]:
| Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive
| Data due to HTTP URLs in lockfil
3 matches
Mail list logo
