Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1

To: Yadd <yadd@debian.org>
Cc: 1008168@bugs.debian.org
Subject: Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 24 Mar 2022 15:12:37 +0100
Message-id: <[🔎] Yjx8VQruEL3ilRif@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1008168@bugs.debian.org
In-reply-to: <[🔎] 164804192695.1474801.1170186912636886208.reportbug@debian007.xnr.fr>
References: <[🔎] 164804192695.1474801.1170186912636886208.reportbug@debian007.xnr.fr> <[🔎] 164804192695.1474801.1170186912636886208.reportbug@debian007.xnr.fr>

Am Wed, Mar 23, 2022 at 02:25:26PM +0100 schrieb Yadd:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> [ Reason ]
> node-url-parse is vulnerable to an authorization Bypass Through
> User-Controlled (CVE-2022-0686).

If we're doing an update, we could also include a fix for CVE-2022-0691?

Cheers,
        Moritz

Reply to:

References:
- Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
  - From: Yadd <yadd@debian.org>

Prev by Date: Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance
Next by Date: Bug#1003713: bullseye-pu: package telegram-desktop/3.1.1+ds-1~deb11u2
Previous by thread: Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
Next by thread: Processed: affects 1008143
Index(es):
- Date
- Thread