package: src:nodejs severity: important tags: security Hi,
the following vulnerability was published for nodejs. CVE-2014-7192[0],[1]: | Eval injection vulnerability in index.js in the syntax-error package | before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application | Developer and other products, allows remote attackers to execute | arbitrary code via a crafted file. The advisories seem to indicate that this is fixed in the development version 0.11, but I haven't checked that. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-7192 [1] https://nodesecurity.io/advisories/syntax-error-potential-script-injection Please adjust the affected versions in the BTS as needed. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org