Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1

To: Yadd <yadd@debian.org>, 1004033@bugs.debian.org
Subject: Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 19 Feb 2022 17:30:51 +0000
Message-id: <[🔎] 99e0b5d834d0069bb3ae12614301b5a8471edbf7.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1004033@bugs.debian.org
In-reply-to: <164260735098.1829095.2326089725185686916.reportbug@deb007.xnr.fr>
References: <164260735098.1829095.2326089725185686916.reportbug@deb007.xnr.fr> <164260735098.1829095.2326089725185686916.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Wed, 2022-01-19 at 16:49 +0100, Yadd wrote:
> node-fetch is vulnerable to privacy breach (CVE-2022-0235)
> 

+node-fetch (2.6.1-5+deb11u1) bullseye; urgency=medium
+
+  * Team upload
+  * Don't forward secure headers to 3th party (Closes: CVE-2022-0235)

s/3th/3rd/

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#1004533: bullseye-pu: package golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Next by Date: Processed: Re: Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1
Previous by thread: Processed: Re: Bug#1004533: bullseye-pu: package golang-github-opencontainers-specs/1.0.2.41.g7413a7f-1
Next by thread: Processed: Re: Bug#1004033: bullseye-pu: package node-fetch/2.6.1-5+deb11u1
Index(es):
- Date
- Thread