Hi,
let me reply before adsb has a chance ;)
On Mon, May 04, 2020 at 02:24:20PM +0200, Xavier wrote:
> Finally I found a way to fix CVE and keep autopkgtest OK
> (node-markdown-it-html5-embed). Here is a debdiff for a future point release
This is good, however,
> diff --git a/debian/changelog b/debian/changelog
> index b985661..64df8db 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,11 @@
> +node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium
> +
> + * Team upload
> + * Disallow calling "helperMissing" and "blockHelperMissing" directly
> + (Closes: CVE-2019-19919)
> +
> + -- Xavier Guimard <yadd@debian.org> Mon, 04 May 2020 14:21:11 +0200
By now 3:4.1.0-1+deb10u1 is already accepted in p-u, built and all, and
it can't really be removed from there and replaced by a same-versined
pacakge.
Please prepare a +deb10u2 version, and post here a debdiff against the
already uploaded +deb10u1 one.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature