Bug#1036660: unblock: node-socket.io-parser/4.2.1+~3.1.0-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-socket.io-parser@packages.debian.org
Control: affects -1 + src:node-socket.io-parser
Please unblock package node-socket.io-parser
[ Reason ]
node-socket.io-parser is vulnerable to CVE-2023-32695: a malformed
packet can trigger an uncaught exception on the Socket.IO server,
thus killing the Node.js process.
[ Impact ]
Medium security issue
[ Tests ]
Test updated, passed
[ Risks ]
No risk:
* patch is trivial
* the patch is a revert, version 4.0.2 (Bullseye) isn't vulnerable even
if included in the report
(see https://github.com/socketio/socket.io/discussions/4721)
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-socket.io-parser/4.2.1+~3.1.0-2