Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1

To: Yadd <yadd@debian.org>, debian-lts@lists.debian.org
Subject: Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 18 Oct 2022 09:28:54 +0200
Message-id: <[🔎] 33ef24b7-29b4-382c-8b76-b918eeafaf25@debian.org>
In-reply-to: <[🔎] Y0btnPC7pUytq4Z1@eldamar.lan>
References: <166556232958.261203.3363530355735177128.reportbug@debian007.xnr.fr> <[🔎] Y0btnPC7pUytq4Z1@eldamar.lan>

Hi Yadd,

On 12/10/2022 18:38, Salvatore Bonaccorso wrote:

+node-xmldom (0.1.27+ds-1+deb10u1) buster; urgency=medium
+
+  * Team upload
+  * Fix prototype pollution (Closes: #1021618, CVE-2022-37616)
+
+ -- Yadd <yadd@debian.org>  Wed, 12 Oct 2022 10:07:56 +0200

Thanks for preparing this. I wonder if a fix for CVE-2021-21366 can be appliedwhile we're at it, if it's not too intrusive/risky?

Can you upload this (with or without the extra fix depending on your judgement)to security-master targeting buster-security? I can take of the paperwork afterthat.


Cheers,
Emilio

Reply to:

Follow-Ups:
- Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1
  - From: Yadd <yadd@debian.org>

References:
- Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#1021973: iconv: undefined symbol after upgrade
Next by Date: Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1
Previous by thread: Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1
Next by thread: Re: Bug#1021648: buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1
Index(es):
- Date
- Thread