[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1

Hi Yadd,

On 12/10/2022 18:38, Salvatore Bonaccorso wrote:
+node-xmldom (0.1.27+ds-1+deb10u1) buster; urgency=medium
+  * Team upload
+  * Fix prototype pollution (Closes: #1021618, CVE-2022-37616)
+ -- Yadd <yadd@debian.org>  Wed, 12 Oct 2022 10:07:56 +0200

Thanks for preparing this. I wonder if a fix for CVE-2021-21366 can be applied while we're at it, if it's not too intrusive/risky?

Can you upload this (with or without the extra fix depending on your judgement) to security-master targeting buster-security? I can take of the paperwork after that.


Reply to: