Bug#1011331: bullseye-pu: package node-raw-body/2.4.1-2+deb11u1
Control: tags -1 + moreinfo
On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote:
> node-raw-body embeds a patch that creates a Denial-of-Service
> vulnerability into node-express.
>
> [ Impact ]
> Security issue, a simple request can crash any express application
>
> [ Tests ]
> I added a test that proves that bug is fixed: it fails with
> node-raw-body 2.4.1-2 and succeeds with 2.4.1-2+deb11u1
>
> [ Risks ]
> No risk, Debian package is now exactly what upstream wrote.
>
> [ Checklist ]
> [X] *all* changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in (old)stable
> [X] the issue is verified as fixed in unstable
>
> [ Changes ]
> Drop patch which replaced node-iconv-lite by node-iconv.
>
Why was that change made in the first place? The changelog entry from
2014 isn't particularly helpful.

Regards,
Adam