Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1

To: Xavier Guimard <yadd@debian.org>, 927378@bugs.debian.org
Subject: Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 20 Apr 2019 11:22:13 +0100
Message-id: <[🔎] 1555755733.3187.23.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 927378@bugs.debian.org
In-reply-to: <[🔎] 155561304137.9569.8400174068152315722.reportbug@deb007.xnr.fr>
References: <[🔎] 155561304137.9569.8400174068152315722.reportbug@deb007.xnr.fr> <[🔎] 155561304137.9569.8400174068152315722.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Thu, 2019-04-18 at 20:44 +0200, Xavier Guimard wrote:
> I updated node-superagent for Buster. Now I would like to propose the
> security fix for stretch. This fixes CVE-2017-16129 (ZIP bomb
> attacks).

++        if (buffer) {
++      // Protectiona against zip bombs and other nuisance

The indentation on that first line looks a bit odd, and I assume
"protectiona" is either typoed or untranslated.

Please go ahead, bearing in mind that the window for getting fixes into
 9.9 closes during this weekend.

Regards,

Adam

Reply to:

References:
- Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Processed: Re: Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1
Next by Date: Bug#927422: stretch-pu: package jquery/3.1.1-2+deb9u1
Previous by thread: Processed: Re: Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1
Next by thread: Bug#927378: node-superagent 0.20.0+dfsg-1+deb9u1 flagged for acceptance
Index(es):
- Date
- Thread