Bug#1011331: bullseye-pu: package node-raw-body/2.4.1-2+deb11u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + confirmed

On Sat, 2022-05-28 at 22:36 +0200, Yadd wrote:
> Control: tags -1 - moreinfo
> 
> On 28/05/2022 20:53, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Fri, 2022-05-20 at 09:47 +0200, Yadd wrote:
> > > node-raw-body embeds a patch that creates a Denial-of-Service
> > > vulnerability into node-express.
> > > 
[...]
> > > Drop patch which replaced node-iconv-lite by node-iconv.
> > > 
> > 
> > Why was that change made in the first place? The changelog entry
> > from
> > 2014 isn't particularly helpful.
> 
> Hi Adam,
> 
> node-iconv-lite entered in Debian only in 2016. That's why this
> patch 
> existed.
> 

Thanks for the explanation. Please go ahead.

Regards,

Adam