Accepted grunt 1.0.1-8+deb10u2 (source all) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted grunt 1.0.1-8+deb10u2 (source all) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 05 Apr 2023 17:30:21 +0000
- Debian: DAK
- Debian-architecture: source all
- Debian-archive-action: accept
- Debian-changes: grunt_1.0.1-8+deb10u2_amd64.changes
- Debian-source: grunt
- Debian-suite: oldstable
- Debian-version: 1.0.1-8+deb10u2
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pk6xh-00AkCu-7T@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 05 Apr 2023 17:53:12 +0100
Source: grunt
Binary: grunt
Architecture: source all
Version: 1.0.1-8+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 grunt - JavaScript task runner/build system/maintainer tool
Changes:
 grunt (1.0.1-8+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * CVE-2022-1537: file.copy operations in GruntJS were vulnerable to a TOCTOU
     ("Time-of-check to time-of-use") race condition that could have led to
     arbitrary file writes in GitHub repositories. This could have then led to
     local privilege escalation if a lower-privileged user had write access to
     both source and destination directories, as the lower-privileged user could
     have created a symlink to the GruntJS user's ~/.bashrc configuration file
     (etc).
Files:
90bbda806d4657797ad1b39f09297d99 2666 javascript optional grunt_1.0.1-8+deb10u2.dsc
dc6e1c7575c3e9640ab3a3c2faff3c80 48954 javascript optional grunt_1.0.1.orig.tar.gz
b7769b590c01b4ee0e1e0d4733285f7a 6056 javascript optional grunt_1.0.1-8+deb10u2.debian.tar.xz
b33ad8afd67a8c0419a79297f01f015b 24432 javascript optional grunt_1.0.1-8+deb10u2_all.deb
feea5adbe1e07c731e3c598ed809d39a 10974 javascript optional grunt_1.0.1-8+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
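
The TOCTOU pattern named in the changelog entry above, shown as an added Node.js illustration; it is not grunt's code and not the patch shipped in this upload. The function names, the `raceWindow` hook and the sample files are assumptions constructed for the example, which contrasts a check-then-write copy with one that opens the destination using `O_NOFOLLOW`.

```javascript
// Added illustration: not grunt's code and not the Debian patch.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Racy: lstat() (check) and writeFileSync() (use) resolve the path separately.
// `raceWindow` is a hypothetical hook standing in for another user's action.
function copyCheckThenWrite(src, dest, raceWindow = () => {}) {
  let isLink = false;
  try {
    isLink = fs.lstatSync(dest).isSymbolicLink();
  } catch (e) {
    if (e.code !== 'ENOENT') throw e; // a missing destination is fine
  }
  if (isLink) throw new Error('refusing symlink destination');
  raceWindow();
  fs.writeFileSync(dest, fs.readFileSync(src)); // follows a symlink at dest
}

// Hardened: a single open() checks and uses the path. With O_NOFOLLOW the
// open fails (ELOOP on Linux) when the final path component is a symlink.
function copyNoFollow(src, dest, raceWindow = () => {}) {
  raceWindow();
  const { O_WRONLY, O_CREAT, O_TRUNC, O_NOFOLLOW } = fs.constants;
  const fd = fs.openSync(dest, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0o600);
  try {
    fs.writeSync(fd, fs.readFileSync(src));
  } finally {
    fs.closeSync(fd);
  }
}

// Runs both variants in a throwaway directory with constructed sample files.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'toctou-'));
  const [src, dest, victim] = ['src.txt', 'out.txt', 'victim.conf'].map((n) => path.join(dir, n));
  fs.writeFileSync(src, 'copied data\n');
  fs.writeFileSync(victim, 'original\n');
  const swap = () => { fs.rmSync(dest, { force: true }); fs.symlinkSync(victim, dest); };
  copyCheckThenWrite(src, dest, swap);
  const racyOverwrote = fs.readFileSync(victim, 'utf8') === 'copied data\n';

  fs.writeFileSync(victim, 'original\n');
  let hardenedError = null;
  try { copyNoFollow(src, dest, swap); } catch (e) { hardenedError = e.code; }
  const hardenedKept = fs.readFileSync(victim, 'utf8') === 'original\n';
  fs.rmSync(dir, { recursive: true, force: true });
  return { racyOverwrote, hardenedError, hardenedKept };
}
```

`O_NOFOLLOW` only covers the final path component; a symlinked parent directory still needs separate handling, such as keeping the destination tree writable only by the user running the build.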