Bug#958931: buster-pu: package node-mongodb/3.1.13+~3.1.11-2+deb10u1

To: Xavier Guimard <yadd@debian.org>, 958931@bugs.debian.org
Subject: Bug#958931: buster-pu: package node-mongodb/3.1.13+~3.1.11-2+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 01 May 2020 11:11:43 +0100
Message-id: <[🔎] c99c202f61542c51bc5bc3e20cbf33ae34c763ca.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 958931@bugs.debian.org
In-reply-to: <158793032892.404363.1789314459173896837.reportbug@deb007.xnr.fr>
References: <158793032892.404363.1789314459173896837.reportbug@deb007.xnr.fr> <158793032892.404363.1789314459173896837.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Sun, 2020-04-26 at 21:45 +0200, Xavier Guimard wrote:
> bson (embedded in node-mongodb) is vulnerable to Deserialization of
> Untrusted Data. This upstream fix fixes both CVE-2019-2391 and CVE-
> 2020-7610.
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1
Next by Date: Processed: Re: Bug#958931: buster-pu: package node-mongodb/3.1.13+~3.1.11-2+deb10u1
Previous by thread: Processed: Re: Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1
Next by thread: Processed: Re: Bug#958931: buster-pu: package node-mongodb/3.1.13+~3.1.11-2+deb10u1
Index(es):
- Date
- Thread