Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1

To: 1032994@bugs.debian.org
Subject: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
From: Yadd <yadd@debian.org>
Date: Wed, 15 Mar 2023 16:43:56 +0400
Message-id: <[🔎] fb24e758-184a-7801-0e70-6f22fbf44e48@debian.org>
Reply-to: Yadd <yadd@debian.org>, 1032994@bugs.debian.org
In-reply-to: <[🔎] 167888392271.1801856.1546557073263234240.reportbug@debian007.xnr.fr>
References: <[🔎] 167888392271.1801856.1546557073263234240.reportbug@debian007.xnr.fr> <[🔎] 167888392271.1801856.1546557073263234240.reportbug@debian007.xnr.fr>

On 3/15/23 16:38, Yadd wrote:

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-webpack@packages.debian.org
Control: affects -1 + src:node-webpack

Please unblock package node-webpack

[ Reason ]
node-webpack is vulnerable to cross-realm object access
(#1032904, CVE-2023-28154).

[ Impact ]
Medium security issue

[ Tests ]
Test updated, passed

[ Risks ]
Low risk, autopkgtest passed on all reverse dependencies

[ Checklist ]
   [X] all changes are documented in the d/changelog
   [X] I reviewed all changes and I approve them
   [X] attach debdiff against the package in testing

[ Other info ]
The attached debdiff doesn't show the doc and test snapshot updates,
else debdiff is really big and not relevant.

Cheers,
Yadd

unblock node-webpack/5.76.1+dfsg1+~cs17.16.16-1


Sorry, I didn't see that node-webpack was considered as key package.

Reply to:

References:
- Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
  - From: Yadd <yadd@debian.org>

Prev by Date: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Next by Date: Processed: block 1032899 with 1032887
Previous by thread: Processed: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Next by thread: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Index(es):
- Date
- Thread