Control: tags -1 + confirmed On Thu, 2019-04-18 at 20:44 +0200, Xavier Guimard wrote: > I updated node-superagent for Buster. Now I would like to propose the > security fix for stretch. This fixes CVE-2017-16129 (ZIP bomb > attacks).
++ if (buffer) { ++ // Protectiona against zip bombs and other nuisance The indentation on that first line looks a bit odd, and I assume "protectiona" is either typoed or untranslated. Please go ahead, bearing in mind that the window for getting fixes into 9.9 closes during this weekend. Regards, Adam