Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1
From: Yadd <yadd@debian.org>
Date: Thu, 20 Oct 2022 17:22:27 +0200
Message-id: <[🔎] 166627934785.1539327.9894150501617564501.reportbug@debian007.xnr.fr>
Reply-to: Yadd <yadd@debian.org>, 1022122@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
node-minimatch is vulnerable to ReDoS

[ Impact ]
Medium security issue

[ Tests ]
New tests included in patch, passed

[ Risks ]
Low risk, patch is not so big and test passed

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Improve ReDoS protection and add more tests

Cheers,
Yadd

Reply to:

Follow-Ups:
- Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1
  - From: Yadd <yadd@debian.org>

Prev by Date: Bug#1020799: Transition: pkg-config to pkgconf: next steps
Next by Date: Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1
Previous by thread: Processed: Re: Bug#1020799: Transition: pkg-config to pkgconf: next steps
Next by thread: Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1
Index(es):
- Date
- Thread