Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1

To: Jonathan Wiltshire <jmw@debian.org>, 1040679@bugs.debian.org, Yadd <yadd@debian.org>
Subject: Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 24 Jul 2023 21:37:58 +0100
Message-id: <[🔎] 5f6be727bcffabd968391082be78abdb7bedc42f.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1040679@bugs.debian.org
In-reply-to: <[🔎] ZL7et4EtNBpdaKkY@powdarrmonkey.net>
References: <[🔎] 168887948623.1694184.1330722760044806618.reportbug@debian117> <[🔎] 168887948623.1694184.1330722760044806618.reportbug@debian117> <[🔎] ZL7et4EtNBpdaKkY@powdarrmonkey.net> <[🔎] 168887948623.1694184.1330722760044806618.reportbug@debian117>

On Mon, 2023-07-24 at 21:27 +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> On Sun, Jul 09, 2023 at 09:11:26AM +0400, Yadd wrote:
> > [ Reason ]
> > node-dottie is vulnerable to prototype pollution (#1040592,
> > CVE-2023-26132)
> 
> By all means go ahead, but it can't be accepted until the situation
> in
> testing is fixed up (unless we propogate the version from
> bookworm-proposed-updates to testing).
> 

The provided diff appears to be against the package in bookworm.
bullseye has 2.0.2-1.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
  - From: Jonathan Wiltshire <jmw@debian.org>

References:
- Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
  - From: Yadd <yadd@debian.org>
- Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: Re: 11.8/12.2 planning
Next by Date: NEW changes in oldstable-new
Previous by thread: Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
Next by thread: Bug#1040679: bullseye-pu: package node-dottie/2.0.2-4+deb11u1
Index(es):
- Date
- Thread