Bug#1008045: bullseye-pu: package node-mermaid/8.7.0+ds+~cs27.17.17-3+deb11u1
- To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1008045@bugs.debian.org
- Cc: Yadd <yadd@debian.org>
- Subject: Bug#1008045: bullseye-pu: package node-mermaid/8.7.0+ds+~cs27.17.17-3+deb11u1
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Tue, 21 Jun 2022 08:30:26 +0200
- Message-id: <[🔎] YrFlghOyHt5kWrxU@eldamar.lan>
- Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1008045@bugs.debian.org
- In-reply-to: <d893927bb7cddf557c585984d4e04c68586181dd.camel@adam-barratt.org.uk>
- References: <164786814917.1590410.14372741310503659353.reportbug@debian007.xnr.fr> <164786814917.1590410.14372741310503659353.reportbug@debian007.xnr.fr> <d893927bb7cddf557c585984d4e04c68586181dd.camel@adam-barratt.org.uk> <164786814917.1590410.14372741310503659353.reportbug@debian007.xnr.fr>
Hi Yadd,
On Sat, May 28, 2022 at 09:20:40PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2022-03-21 at 14:09 +0100, Yadd wrote:
> > node-mermaid is vulnerable to XSS attack (CVE-2021-23648)
> >
>
> Please go ahead.
Could you fix as well CVE-2021-43861 in the next point release? Should
be then on top of the already uploaded +deb11u1.
Regards,
Salvatore
Reply to: