Skip to main content
Topic: latest security vulnerbilities (Read 148 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Re: latest security vulnerbilities

Reply #1
The js-yaml version in the AUR is vulnerable:
$ yay -Ss js-yaml
aur/nodejs-js-yaml 3.10.0-1 (+1 0.00%)
    YAML 1.2 parser and writer

https://aur.archlinux.org/packages/nodejs-js-yaml
First Submitted:    2017-09-16 10:20
Last Updated:    2017-09-16 10:21

#3 JS-YAML
Affected versions: All versions prior to 3.13.0

safer-eval is not a package unless it's there under a different name and the others are OK at their current versions.

Re: latest security vulnerbilities

Reply #2
what is yaml?


Re: latest security vulnerbilities

Reply #4
It's been updated to a secure version:
Package Details: nodejs-js-yaml 3.13.1-1
If you git clone artix pkgbuild's there are yaml files in a hidden directory:
openrc/.artixlinux/agent.yaml
Contents of this file:

%YAML 1.2
---

label: master

Mysterious secret yaml agents? What do they do?