Bug#969366: buster-pu: package node-url-parse/1.2.0-2+deb10u1

To: Xavier Guimard <yadd@debian.org>, 969366@bugs.debian.org
Subject: Bug#969366: buster-pu: package node-url-parse/1.2.0-2+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 19 Sep 2020 14:54:44 +0100
Message-id: <[🔎] 5e50f931c9871ef456e6bc47eb84b6da3f880563.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 969366@bugs.debian.org
In-reply-to: <[🔎] 159895811890.226653.17277639036312043247.reportbug@deb007.xnr.fr>
References: <[🔎] 159895811890.226653.17277639036312043247.reportbug@deb007.xnr.fr> <[🔎] 159895811890.226653.17277639036312043247.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Tue, 2020-09-01 at 13:01 +0200, Xavier Guimard wrote:
> Insufficient validation and sanitization of user input exists in url-
> parse npm package version 1.4.4 and earlier may allow attacker to
> bypass security checks.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#969366: buster-pu: package node-url-parse/1.2.0-2+deb10u1
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Bug#969348: buster-pu: package node-bl/1.1.2-1+deb10u1
Next by Date: Processed: Re: Bug#969348: buster-pu: package node-bl/1.1.2-1+deb10u1
Previous by thread: Bug#969366: buster-pu: package node-url-parse/1.2.0-2+deb10u1
Next by thread: Processed: Re: Bug#969366: buster-pu: package node-url-parse/1.2.0-2+deb10u1
Index(es):
- Date
- Thread