On Mon, 2023-07-24 at 21:27 +0100, Jonathan Wiltshire wrote: > Control: tag -1 confirmed > > On Sun, Jul 09, 2023 at 09:11:26AM +0400, Yadd wrote: > > [ Reason ] > > node-dottie is vulnerable to prototype pollution (#1040592, > > CVE-2023-26132) > > By all means go ahead, but it can't be accepted until the situation > in > testing is fixed up (unless we propogate the version from > bookworm-proposed-updates to testing). >
The provided diff appears to be against the package in bookworm. bullseye has 2.0.2-1. Regards, Adam
