Stay Secure with the Latest Linux Advisories

security advisoryFedorapackage update

Fedora 30: Urgent Nodejs Mixin Vulnerability Notice FEDORA-2020-4a8f110332

Update to upstream 1.3.2 release for CVE-2019-10746. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-4a8f110332 2020-02-08 01:36:33.446858 --------------------------------------------------------------------------------Name : nodejs-mixin-deep Product : Fedora 30 Version : 1.3.2 Release : 1.fc30 URL : https://github.com/jonschlinkert/mixin-deep Summary : Deeply mix the properties of objects into the first object Description : Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone. --------------------------------------------------------------------------------Update Information: Update to upstream 1.3.2 release for CVE-2019-10746 --------------------------------------------------------------------------------ChangeLog: * Wed Jan 29 2020 Jared K. Smith - 1.3.2-1 - Update to upstream 1.3.2 release for CVE-2019-10746 * Thu Jul 25 2019 Fedora Release Engineering - 1.3.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1795475 - CVE-2019-10746 nodejs-mixin-deep: prototype pollution in function mixin-deep https://bugzilla.redhat.com/show_bug.cgi?id=1795475 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-4a8f110332' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailinglist -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Important announcement for Fedora 30 resolves the prototype pollution vulnerability found in nodejs-mixin-deep. Please update to version 1.3.2 immediately.. Fedora Update, Package Security, Nodejs Vulnerability, CVE-2019-10746. . Severity: Critical. LinuxSecurity.com Team

Feb 07, 2020 •Critical Fedora