mahara-contributors team mailing list archive
Message #50992
[Bug 1805492] [NEW] Updating npm event-stream in Mahara package.json
*** This bug is a security vulnerability ***
Public security bug reported:
As the version in package.json is specified as "^3.3.4", there's the
potential for version 3.3.6 to have been retrieved. We've seen this on
at least one local Mahara instance.
The problematic version of the library has been pulled and version 3.3.4 is the last good version.
So will lock to version 3.3.4 for now.
** Affects: mahara
Importance: High
Status: In Progress
** Affects: mahara/17.10
Importance: High
Status: In Progress
** Affects: mahara/18.04
Importance: High
Status: In Progress
** Affects: mahara/18.10
Importance: High
Status: In Progress
** Affects: mahara/19.04
Importance: High
Status: In Progress
** Also affects: mahara/18.04
Importance: Undecided
Status: New
** Also affects: mahara/19.04
Importance: Undecided
Status: New
** Also affects: mahara/17.10
Importance: Undecided
Status: New
** Also affects: mahara/18.10
Importance: High
Status: In Progress
** Changed in: mahara/19.04
Importance: Undecided => High
** Changed in: mahara/18.10
Milestone: 19.04.0 => 18.10.1
** Changed in: mahara/19.04
Milestone: None => 19.04.0
** Changed in: mahara/18.04
Milestone: None => 18.04.4
** Changed in: mahara/17.10
Milestone: None => 17.10.8
** Changed in: mahara/18.04
Importance: Undecided => High
** Changed in: mahara/17.10
Importance: Undecided => High
** Changed in: mahara/19.04
Status: New => In Progress
** Changed in: mahara/18.04
Status: New => In Progress
** Changed in: mahara/17.10
Status: New => In Progress
https://bugs.launchpad.net/bugs/1805492
Title:
Updating npm event-stream in Mahara package.json
Status in Mahara:
In Progress
Status in Mahara 17.10 series:
In Progress
Status in Mahara 18.04 series:
In Progress
Status in Mahara 18.10 series:
In Progress
Status in Mahara 19.04 series:
In Progress
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1805492/+subscriptions
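The report turns on the fact that the range "^3.3.4" admits 3.3.6 while the exact pin "3.3.4" does not. The following is an added example, not code from Mahara or from the bug report: it implements caret matching for plain x.y.z versions and walks a lockfile tree for any resolved event-stream newer than 3.3.4, which the report names as the last good version. It assumes npm's nested lockfileVersion 1 layout; the sample lockfile and the names example-app and build-helper are constructed.

```javascript
const LAST_GOOD = '3.3.4'; // last good event-stream version, per the bug report

// Parse a plain x.y.z version (pre-release tags are out of scope here).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Caret range: >= base, and the left-most non-zero component must not change.
function satisfies(version, range) {
  if (!range.startsWith('^')) return compare(version, range) === 0; // exact pin
  const base = range.slice(1);
  const [M, m, p] = parse(base);
  const upper = M > 0 ? [M + 1, 0, 0] : m > 0 ? [0, m + 1, 0] : [0, 0, p + 1];
  return compare(version, base) >= 0 && compare(version, upper.join('.')) < 0;
}

// Collect every resolved copy of `name`, including copies nested under other packages.
function findResolved(node, name, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name) hits.push({ path: here.join(' > '), version: info.version });
    hits.push(...findResolved(info, name, here));
  }
  return hits;
}

// Report resolved copies that are newer than the last good version.
function audit(lock, name = 'event-stream') {
  return findResolved(lock, name).filter(h => compare(h.version, LAST_GOOD) > 0);
}

// Constructed sample lockfile: one bad top-level copy, one good nested copy.
const sampleLock = {
  name: 'example-app', lockfileVersion: 1,
  dependencies: {
    'event-stream': { version: '3.3.6' },
    'build-helper': { version: '1.0.0', dependencies: { 'event-stream': { version: '3.3.4' } } },
  },
};
console.log(audit(sampleLock));
```

Against a real checkout, pass the parsed contents of package-lock.json to audit() in place of sampleLock.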
Follow ups
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Robert Lyon, 2019-04-30
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Rebecca Blundell, 2019-04-30
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Robert Lyon, 2019-04-30
-
[Bug 1805492] A change has been merged
From: Mahara Bot, 2019-01-25
-
[Bug 1805492] A change has been merged
From: Mahara Bot, 2019-01-25
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Robert Lyon, 2019-01-25
-
[Bug 1805492] A patch has been submitted for review
From: Mahara Bot, 2019-01-25
-
[Bug 1805492] A patch has been submitted for review
From: Mahara Bot, 2019-01-25
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Robert Lyon, 2018-12-03
-
[Bug 1805492] A change has been merged
From: Mahara Bot, 2018-12-03
-
[Bug 1805492] A patch has been submitted for review
From: Mahara Bot, 2018-12-03
-
[Bug 1805492] A change has been merged
From: Mahara Bot, 2018-12-03
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Steven, 2018-11-27
-
[Bug 1805492] Re: Updating npm event-stream in Mahara package.json
From: Robert Lyon, 2018-11-27
-
[Bug 1805492] A patch has been submitted for review
From: Mahara Bot, 2018-11-27