Bug#1032976: unblock: node-sqlite3/5.1.5+ds1-1
Hi,
On Wed, Mar 15, 2023 at 06:33:08AM +0400, Yadd wrote:
> Please unblock package node-sqlite3
>
> [ Reason ]
> A code execution vulnerability was discover in node-sqlite3 due to the
> underlying implementation of .toString(). It is then possible to execute
> arbitrary JavaScript or to achieve a denial-of-service. if a binding
> parameter is a crafted object.
> (CVE-2022-43441)
It's a bit noisy with the other stuff from the upstream release, but I can
see the argument for sticking with it rather than cherry-picking.
Unblocked.
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Reply to: