Debian Package Tracker - node-superagent

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0h 1m 0s
Last run: 2019-09-18 07:32:48
Previous status: pass

testing: pass (log)
The tests ran in 0h 0m 59s
Last run: 2019-09-22 16:39:24
Previous status: pass

stable: pass (log)
The tests ran in 0h 0m 20s
Last run: 2019-04-24 07:12:00
Previous status: fail

Created: 2019-09-18 Last update: 2019-09-23 12:12

A new upstream version is available: 5.1.0 high

A new upstream version 5.1.0 is available, you should consider packaging it.

Created: 2017-11-21 Last update: 2019-09-23 11:52

1 ignored security issue in jessie low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2017-16129: The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.

Please fix it.

Created: 2019-04-17 Last update: 2019-08-06 07:30