Release | Version |
---|---|
buster | 1.13.0-1+deb10u1 |
bullseye | 1.22.10+~cs22.25.14-3 |
bookworm | 1.22.19+~cs24.27.18-1 |
sid | 1.22.19+~cs24.27.18-1 |
Bug | buster | bullseye | bookworm | sid | Description |
---|---|---|---|---|---|
CVE-2020-8131 | vulnerable (no DSA) | fixed | fixed | fixed | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ... |
CVE-2019-15608 | vulnerable (no DSA) | fixed | fixed | fixed | The package integrity validation in yarn < 1.19.0 contains a TOCTOU ... |
CVE-2019-10773 | vulnerable (no DSA) | fixed | fixed | fixed | In Yarn before 1.21.1, the package install functionality can be abused ... |
Bug | Description |
---|---|
CVE-2019-5448 | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ... |