node-object-path (0.11.4-2+deb10u2) buster-security; urgency=high * Non-maintainer upload by the LTS Security Team. * CVE-2021-3805: Prototype pollution vulnerability in the `del()`, `empty()`, `push()` and `insert()` functions when using the "inherited props" mode. * CVE-2021-23434: A type confusion vulnerability can lead to a bypass of the CVE-2020-15256 fix when the path components used in the path parameter are arrays. -- Guilhem Moulin Sun, 29 Jan 2023 15:19:31 +0100 node-object-path (0.11.4-2+deb10u1) buster; urgency=medium * Team upload * Fix prototype pollution in set() (Closes: CVE-2020-15256) -- Xavier Guimard Thu, 22 Oct 2020 18:38:10 +0200 node-object-path (0.11.4-2) unstable; urgency=medium * Update Vcs fields for migration to https://salsa.debian.org/ * Honor DEB_BUILD_OPTIONS * Bump debhelper compat * Fix nodejs binary * Update copyright -- Paolo Greppi Tue, 08 Jan 2019 14:53:51 +0100 node-object-path (0.11.4-1) experimental; urgency=medium * Team upload [ Paolo Greppi ] * New upstream release * Bump standards version and fix section [ arunasank ] * Port tests to chai 4 (Closes: #884155) -- Pirate Praveen Sat, 20 Jan 2018 16:46:05 +0530 node-object-path (0.11.3-1) unstable; urgency=low * Initial release (Closes: #846215) -- Paolo Greppi Mon, 12 Dec 2016 07:38:26 +0000