Bug#1025387: bullseye-pu: package node-qs/6.9.4+ds-1+deb11u1

To: Yadd <yadd@debian.org>, 1025387@bugs.debian.org
Subject: Bug#1025387: bullseye-pu: package node-qs/6.9.4+ds-1+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 07 Dec 2022 20:36:07 +0000
Message-id: <[🔎] a47b9c3514bfaba9954230879a9ae5ff2c0710a2.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1025387@bugs.debian.org
In-reply-to: <[🔎] 167009553532.1064867.2409071225652774247.reportbug@debian007.xnr.fr>
References: <[🔎] 167009553532.1064867.2409071225652774247.reportbug@debian007.xnr.fr> <[🔎] 167009553532.1064867.2409071225652774247.reportbug@debian007.xnr.fr>

Control: tags -1 + confirmed

On Sat, 2022-12-03 at 20:25 +0100, Yadd wrote:
> node-qs is vulnerable to prototype pollution, this affects web
> applications using node-express (CVE-2022-24999)
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1025387: bullseye-pu: package node-qs/6.9.4+ds-1+deb11u1
  - From: Yadd <yadd@debian.org>

Prev by Date: Processed: Re: Bug#1025329: bullseye-pu: package cwltool/3.0.20210124104916-3+deb11u1
Next by Date: Bug#1025414: bullseye-pu: package node-hawk/8.0.1+dfsg-2+deb11u1
Previous by thread: Processed: Re: Bug#1025387: bullseye-pu: package node-qs/6.9.4+ds-1+deb11u1
Next by thread: Bug#1025387: node-qs 6.9.4+ds-1+deb11u1 flagged for acceptance
Index(es):
- Date
- Thread