Bug#1011331: bullseye-pu: package node-raw-body/2.4.1-2+deb11u1
Control: tags -1 + confirmed
On Sat, 2022-05-28 at 22:36 +0200, Yadd wrote:
> Control: tags -1 - moreinfo
>
> On 28/05/2022 20:53, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote:
> > > node-raw-body embeds a patch that creates a Denial-of-Service
> > > vulnerability into node-express.
> > >
[...]
> > > Drop patch which replaced node-iconv-lite by node-iconv.
> > >
> >
> > Why was that change made in the first place? The changelog entry
> > from
> > 2014 isn't particularly helpful.
>
> Hi Adam,
>
> node-iconv-lite entered in Debian only in 2016. That's why this
> patch
> existed.
>
Thanks for the explanation. Please go ahead.
Regards,
Adam
Reply to: