Bug#1008045: bullseye-pu: package node-mermaid/8.7.0+ds+~cs27.17.17-3+deb11u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1008045@bugs.debian.org
Cc: Yadd <yadd@debian.org>
Subject: Bug#1008045: bullseye-pu: package node-mermaid/8.7.0+ds+~cs27.17.17-3+deb11u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 21 Jun 2022 08:30:26 +0200
Message-id: <[🔎] YrFlghOyHt5kWrxU@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1008045@bugs.debian.org
In-reply-to: <d893927bb7cddf557c585984d4e04c68586181dd.camel@adam-barratt.org.uk>
References: <164786814917.1590410.14372741310503659353.reportbug@debian007.xnr.fr> <164786814917.1590410.14372741310503659353.reportbug@debian007.xnr.fr> <d893927bb7cddf557c585984d4e04c68586181dd.camel@adam-barratt.org.uk> <164786814917.1590410.14372741310503659353.reportbug@debian007.xnr.fr>

Hi Yadd,

On Sat, May 28, 2022 at 09:20:40PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2022-03-21 at 14:09 +0100, Yadd wrote:
> > node-mermaid is vulnerable to XSS attack (CVE-2021-23648)
> > 
> 
> Please go ahead.

Could you fix as well CVE-2021-43861 in the next point release? Should
be then on top of the already uploaded +deb11u1.

Regards,
Salvatore

Reply to:

Prev by Date: apache2 update for next buster point release?
Next by Date: Re: apache2 update for next buster point release?
Previous by thread: Re: apache2 update for next buster point release?
Next by thread: Bug#1013306: bullseye-pu: package libsdl2/2.0.14+dfsg2-3+deb11u1
Index(es):
- Date
- Thread