Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1

To: Yadd <yadd@debian.org>, 1008168@bugs.debian.org, Moritz Mühlenhoff <jmm@inutil.org>
Subject: Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 28 May 2022 21:12:31 +0100
Message-id: <[🔎] 5b00c8a2ddde7cea310a15e64fca06d220b97433.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1008168@bugs.debian.org
In-reply-to: <4cb7187c-4a15-eacf-350b-6ef21f7d6a23@debian.org>
References: <164804192695.1474801.1170186912636886208.reportbug@debian007.xnr.fr> <Yjx8VQruEL3ilRif@pisco.westfalen.local> <164804192695.1474801.1170186912636886208.reportbug@debian007.xnr.fr> <4cb7187c-4a15-eacf-350b-6ef21f7d6a23@debian.org> <164804192695.1474801.1170186912636886208.reportbug@debian007.xnr.fr>

Control: tags -1 + confirmed

On Mon, 2022-04-11 at 16:17 +0200, Yadd wrote:
> On 24/03/2022 15:12, Moritz Mühlenhoff wrote:
> > Am Wed, Mar 23, 2022 at 02:25:26PM +0100 schrieb Yadd:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: bullseye
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > > 
> > > [ Reason ]
> > > node-url-parse is vulnerable to an authorization Bypass Through
> > > User-Controlled (CVE-2022-0686).
> > 
> > If we're doing an update, we could also include a fix for CVE-2022-
> > 0691?
> > 
> > Cheers,
> >          Moritz
> 
> Hi,
> 
> done, here is the new debdiff (including new test)
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#1008162: bullseye-pu: package node-minimist/1.2.5+~cs5.3.1-2+deb11u1
Next by Date: Processed: Re: Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
Previous by thread: Processed: Re: Bug#1008162: bullseye-pu: package node-minimist/1.2.5+~cs5.3.1-2+deb11u1
Next by thread: Processed: Re: Bug#1008168: bullseye-pu: package node-url-parse/1.5.3-1+deb11u1
Index(es):
- Date
- Thread