Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
Control: tags -1 + confirmed
On Mon, 2022-04-11 at 16:17 +0200, Yadd wrote:
> On 24/03/2022 15:12, Moritz Mühlenhoff wrote:
> > Am Wed, Mar 23, 2022 at 02:25:26PM +0100 schrieb Yadd:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: bullseye
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > >
> > > [ Reason ]
> > > node-url-parse is vulnerable to an authorization Bypass Through
> > > User-Controlled (CVE-2022-0686).
> >
> > If we're doing an update, we could also include a fix for CVE-2022-
> > 0691?
> >
> > Cheers,
> > Moritz
>
> Hi,
>
> done, here is the new debdiff (including new test)
>
Please go ahead.
Regards,
Adam
Reply to: