On Sat, 2020-01-25 at 20:40 +0000, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Mon, 2019-12-30 at 07:51 +0100, Xavier Guimard wrote: > > node-handlebars is vulnearable to prototype pollution (CVE-2019- > > 19919). > > > > Please go ahead.
This apparently causes regressions in the autopkgtests of node- markdown-it-html5-embed, which you also most recently uploaded - see https://ci.debian.net/user/britney/jobs?package=node-markdown-it-html5-embed&suite[]=stable&arch[]=amd64 Is this enough of an issue to not include the node-handlebars update? Regards, Adam