[SECURITY] [DLA 2368-1] grunt security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2368-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
September 09, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : grunt
Version : 1.0.1-5+deb9u1
CVE ID : CVE-2020-7729
Debian Bug : #969668
It was discovered that there was a arbitrary code execution
vulnerability in grunt, a Javascript task runner. This was possible
due to the unsafe loading of YAML documents.
For Debian 9 "Stretch", this problem has been fixed in version
1.0.1-5+deb9u1.
We recommend that you upgrade your grunt packages.
For the detailed security status of grunt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/grunt
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9Yvf0ACgkQHpU+J9Qx
HlhuRxAAngB5MesozAFPRSRAzduWQrUbH3JBnnxWLWICIbwNwfSxdI0d+d/9x0l8
fGCVW6VEtmZx6TDlu3/UzEHkk5qsH6LD7uqk2hfSJkSupl+tuznvi2IxqB/eBhWS
1w56WXcrpFmHPc4SyhifgSFBHGJmpFQizqNHKcgfSsc4Yqy0ObXb4qpw0bcE5VLC
je0xvDpc2/I0+/hr+5eTNGn0jWi0M/4C/W3cfJojau8Iqlhpw3vWv2+FAMsQMW6d
tt1vn3bN56+SvBdinOKKfxpxiq7pksCRoykb/dufg15itSfp0tKJdnxpM+uTr+UY
FcZJ0vIU5AV9/mm3eCNc6ZFGWSnFKc2Zjei1tyAbFvssGVo0BppUuSl0dJiI6bG+
sVBi1sVxYzgDY8pmxMq90Ch2BN+TWm5gVpg+rAM1UTKNF7gIkr1aJYlzIC6ln9Dw
3Cf42wh/HL72jvufqoHBgJpqb2av51vCOYwD+Fgv8zLrhXQz5X6iIc/3vgkkvi1F
czubPLkggKId7n3C3a17OPtTeViLDtc112OAVpmw7N+Ha/iykiNnDdSyio9BA0oC
+l/XVyibph22FTPC0o6pLIjGNiCNDzIBnl6ufhSQ314hp6lX5sCoMi7YcQbOjaNR
7l89hAVSTRWFlNA1lqf15UmY911IrqhHeb7AsgbsKCDO4LGjjtM=
=8eDm
-----END PGP SIGNATURE-----
Reply to: