[SECURITY] [DLA 2368-1] grunt security update

Type debian
Reporter Debian
Modified 2020-09-09T11:39:25


Debian LTS Advisory DLA-2368-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb September 09, 2020 https://wiki.debian.org/LTS

Package : grunt Version : 1.0.1-5+deb9u1 CVE ID : CVE-2020-7729 Debian Bug : #969668

It was discovered that there was a arbitrary code execution vulnerability in grunt, a Javascript task runner. This was possible due to the unsafe loading of YAML documents.

For Debian 9 "Stretch", this problem has been fixed in version 1.0.1-5+deb9u1.

We recommend that you upgrade your grunt packages.

For the detailed security status of grunt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grunt

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS