Bug#970307: buster-pu: package node-mysql/2.16.0-1+deb10u1

To: Xavier Guimard <yadd@debian.org>, 970307@bugs.debian.org
Subject: Bug#970307: buster-pu: package node-mysql/2.16.0-1+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 17 Sep 2020 20:23:30 +0100
Message-id: <[🔎] 2bea84bfce7c86cf1a0773fa114a127d3088ca61.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 970307@bugs.debian.org
In-reply-to: <[🔎] 160009228311.298516.11629306780058070486.reportbug@deb007.xnr.fr>
References: <[🔎] 160009228311.298516.11629306780058070486.reportbug@deb007.xnr.fr> <[🔎] 160009228311.298516.11629306780058070486.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Mon, 2020-09-14 at 16:04 +0200, Xavier Guimard wrote:
> [ Reason ]
> node-mysql is vulnerable to CVE-2019-14939 (#934712)
> 
> [ Impact ]
> Default "LOAD DATA LOCAL INFILE" is too permissive
> 
> [ Tests ]
> Sadly tests were not enabled in buster
> 

I think the intention is also to describe how the patch was tested. :-)

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#970307: buster-pu: package node-mysql/2.16.0-1+deb10u1
  - From: Xavier Guimard <yadd@debian.org>

Prev by Date: Processed: Re: Bug#970349: buster-pu: package icinga2/2.10.3-2+deb10u1
Next by Date: Processed: Re: Bug#970307: buster-pu: package node-mysql/2.16.0-1+deb10u1
Previous by thread: Bug#970307: buster-pu: package node-mysql/2.16.0-1+deb10u1
Next by thread: Processed: Re: Bug#970307: buster-pu: package node-mysql/2.16.0-1+deb10u1
Index(es):
- Date
- Thread