Bug#1010383: bullseye-pu: package node-ejs/2.5.7-3+deb11u1

To: Yadd <yadd@debian.org>, 1010383@bugs.debian.org
Subject: Bug#1010383: bullseye-pu: package node-ejs/2.5.7-3+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 28 May 2022 20:13:40 +0100
Message-id: <[🔎] 92418e3d40de0c8320513665bfe4f6dec71ec7e0.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1010383@bugs.debian.org
In-reply-to: <165130268178.1009114.11279789292703345557.reportbug@debian007.xnr.fr>
References: <165130268178.1009114.11279789292703345557.reportbug@debian007.xnr.fr> <165130268178.1009114.11279789292703345557.reportbug@debian007.xnr.fr>

Control: tags -1 + confirmed

On Sat, 2022-04-30 at 09:11 +0200, Yadd wrote:
> node-ejs is vulnerable to server-side template injection
> (CVE-2022-29078, #1010359) and probably to prototype pollution.
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Processed: Re: Bug#1010211: bullseye-pu: package grunt/1.3.0-1+deb11u1
Next by Date: Processed: Re: Bug#1010304: bullseye-pu: package freetype/2.10.4+dfsg-1+deb11u1
Previous by thread: Processed: Re: Bug#1010304: bullseye-pu: package freetype/2.10.4+dfsg-1+deb11u1
Next by thread: Processed: Re: Bug#1010383: bullseye-pu: package node-ejs/2.5.7-3+deb11u1
Index(es):
- Date
- Thread