Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1

To: Yadd <yadd@debian.org>, 1032994@bugs.debian.org
Subject: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
From: Paul Gevers <elbrus@debian.org>
Date: Wed, 15 Mar 2023 21:11:46 +0100
Message-id: <[🔎] bb425d63-d388-94cf-5343-cb1b2191d1ac@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 1032994@bugs.debian.org
In-reply-to: <[🔎] 167888392271.1801856.1546557073263234240.reportbug@debian007.xnr.fr>
References: <[🔎] 167888392271.1801856.1546557073263234240.reportbug@debian007.xnr.fr> <[🔎] 167888392271.1801856.1546557073263234240.reportbug@debian007.xnr.fr>

Control: tags -1 moreinfo

Hi Yadd,

On 15-03-2023 13:38, Yadd wrote:

[ Reason ]
node-webpack is vulnerable to cross-realm object access
(#1032904, CVE-2023-28154).

This doesn't look like a targeted fix, but rather seems to include muchmore.


How about reverting and providing a fix only for that CVE please?

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

References:
- Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
  - From: Yadd <yadd@debian.org>

Prev by Date: Bug#1033009: marked as done (unblock: calamares-settings-debian/12.0.5-1)
Next by Date: Processed: Re: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Previous by thread: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Next by thread: Processed: Re: Bug#1032994: unblock: node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Index(es):
- Date
- Thread