[SECURITY] [DLA 2368-1] grunt security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2368-1] grunt security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 09 Sep 2020 12:38:48 +0100
Message-id: <[🔎] 159965132804.1288464.6249371297626843111@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2368-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
September 09, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : grunt
Version        : 1.0.1-5+deb9u1
CVE ID         : CVE-2020-7729
Debian Bug     : #969668

It was discovered that there was a arbitrary code execution
vulnerability in grunt, a Javascript task runner. This was possible
due to the unsafe loading of YAML documents.

For Debian 9 "Stretch", this problem has been fixed in version
1.0.1-5+deb9u1.

We recommend that you upgrade your grunt packages.

For the detailed security status of grunt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/grunt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9Yvf0ACgkQHpU+J9Qx
HlhuRxAAngB5MesozAFPRSRAzduWQrUbH3JBnnxWLWICIbwNwfSxdI0d+d/9x0l8
fGCVW6VEtmZx6TDlu3/UzEHkk5qsH6LD7uqk2hfSJkSupl+tuznvi2IxqB/eBhWS
1w56WXcrpFmHPc4SyhifgSFBHGJmpFQizqNHKcgfSsc4Yqy0ObXb4qpw0bcE5VLC
je0xvDpc2/I0+/hr+5eTNGn0jWi0M/4C/W3cfJojau8Iqlhpw3vWv2+FAMsQMW6d
tt1vn3bN56+SvBdinOKKfxpxiq7pksCRoykb/dufg15itSfp0tKJdnxpM+uTr+UY
FcZJ0vIU5AV9/mm3eCNc6ZFGWSnFKc2Zjei1tyAbFvssGVo0BppUuSl0dJiI6bG+
sVBi1sVxYzgDY8pmxMq90Ch2BN+TWm5gVpg+rAM1UTKNF7gIkr1aJYlzIC6ln9Dw
3Cf42wh/HL72jvufqoHBgJpqb2av51vCOYwD+Fgv8zLrhXQz5X6iIc/3vgkkvi1F
czubPLkggKId7n3C3a17OPtTeViLDtc112OAVpmw7N+Ha/iykiNnDdSyio9BA0oC
+l/XVyibph22FTPC0o6pLIjGNiCNDzIBnl6ufhSQ314hp6lX5sCoMi7YcQbOjaNR
7l89hAVSTRWFlNA1lqf15UmY911IrqhHeb7AsgbsKCDO4LGjjtM=
=8eDm
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2366-1] imagemagick security update
Next by Date: [SECURITY] [DLA 2369-1] libxml2 security update
Previous by thread: [SECURITY] [DLA 2366-1] imagemagick security update
Next by thread: [SECURITY] [DLA 2369-1] libxml2 security update
Index(es):
- Date
- Thread