Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
Control: tag -1 confirmed
On Sun, Jul 09, 2023 at 09:11:26AM +0400, Yadd wrote:
> [ Reason ]
> node-dottie is vulnerable to prototype pollution (#1040592,
> CVE-2023-26132)
By all means go ahead, but it can't be accepted until the situation in
testing is fixed up (unless we propogate the version from
bookworm-proposed-updates to testing).
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Reply to: