
Bug#1032976: unblock: node-sqlite3/5.1.5+ds1-1



Hi,

On Wed, Mar 15, 2023 at 06:33:08AM +0400, Yadd wrote:
> Please unblock package node-sqlite3
> 
> [ Reason ]
> A code execution vulnerability was discovered in node-sqlite3 due to the
> underlying implementation of .toString(). It is then possible to execute
> arbitrary JavaScript or to achieve a denial-of-service if a binding
> parameter is a crafted object.
> (CVE-2022-43441)

It's a bit noisy with the other stuff from the upstream release, but I can
see the argument for sticking with it rather than cherry-picking.
Unblocked.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

