Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
Control: tag -1 = bullseye moreinfo
On Mon, Jul 24, 2023 at 09:37:58PM +0100, Adam D. Barratt wrote:
> On Mon, 2023-07-24 at 21:27 +0100, Jonathan Wiltshire wrote:
> > Control: tag -1 confirmed
> >
> > On Sun, Jul 09, 2023 at 09:11:26AM +0400, Yadd wrote:
> > > [ Reason ]
> > > node-dottie is vulnerable to prototype pollution (#1040592,
> > > CVE-2023-26132)
> >
> > By all means go ahead, but it can't be accepted until the situation
> > in
> > testing is fixed up (unless we propogate the version from
> > bookworm-proposed-updates to testing).
> >
>
> The provided diff appears to be against the package in bookworm.
> bullseye has 2.0.2-1.
Euf, right - sorry (too many releases started 'b'...)
Please revise the debdiff.
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Reply to: