[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1

Control: tag -1 = bullseye moreinfo

On Mon, Jul 24, 2023 at 09:37:58PM +0100, Adam D. Barratt wrote:
> On Mon, 2023-07-24 at 21:27 +0100, Jonathan Wiltshire wrote:
> > Control: tag -1 confirmed
> > 
> > On Sun, Jul 09, 2023 at 09:11:26AM +0400, Yadd wrote:
> > > [ Reason ]
> > > node-dottie is vulnerable to prototype pollution (#1040592,
> > > CVE-2023-26132)
> > 
> > By all means go ahead, but it can't be accepted until the situation
> > in
> > testing is fixed up (unless we propogate the version from
> > bookworm-proposed-updates to testing).
> > 
> 
> The provided diff appears to be against the package in bookworm.
> bullseye has 2.0.2-1.

Euf, right - sorry (too many releases started 'b'...)
Please revise the debdiff.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Reply to: