Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1

To: Yadd <yadd@debian.org>, 1036978@bugs.debian.org
Subject: Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
From: Jonathan Wiltshire <jmw@debian.org>
Date: Sat, 24 Jun 2023 15:44:00 +0100
Message-id: <[🔎] ZJcBMLUsdG3b8x82@powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 1036978@bugs.debian.org
In-reply-to: <168553444718.387593.7836240610668706294.reportbug@debian117>
References: <168553444718.387593.7836240610668706294.reportbug@debian117> <168553444718.387593.7836240610668706294.reportbug@debian117>

Control: tag -1 confirmed

On Wed, May 31, 2023 at 04:00:47PM +0400, Yadd wrote:
> [ Reason ]
> node-undici is vulnerable to:
>  * CVE-2023-23936: "Host" HTTP header isn't protected against CLRF injection
>  * CVE-2023-24807: Regex Denial of Service on headers set/append

Please update the changelog to mention the CVE identifiers; other than
that, go ahead.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

Prev by Date: NEW changes in stable-new
Next by Date: Processed: Re: Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
Previous by thread: Processed: Re: Bug#1038996: transition: pantomime
Next by thread: Processed: Re: Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
Index(es):
- Date
- Thread