Control: tag -1 = bullseye moreinfo On Mon, Jul 24, 2023 at 09:37:58PM +0100, Adam D. Barratt wrote: > On Mon, 2023-07-24 at 21:27 +0100, Jonathan Wiltshire wrote: > > Control: tag -1 confirmed > > > > On Sun, Jul 09, 2023 at 09:11:26AM +0400, Yadd wrote: > > > [ Reason ] > > > node-dottie is vulnerable to prototype pollution (#1040592, > > > CVE-2023-26132) > > > > By all means go ahead, but it can't be accepted until the situation > > in > > testing is fixed up (unless we propogate the version from > > bookworm-proposed-updates to testing). > > > > The provided diff appears to be against the package in bookworm. > bullseye has 2.0.2-1.
Euf, right - sorry (too many releases started 'b'...) Please revise the debdiff. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
