Bug#1009345: bullseye-pu: package node-moment/2.29.1+ds-2+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
node-moment is vulnerable to path traversal (#1009327, CVE-2022-24785)
[ Impact ]
Medium vulnerability
[ Tests ]
No changes in test
[ Risks ]
Low risk, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Just a new check to prevent names that look like filesystem paths
Cheers,
Yadd