Hi,

On Wed, Oct 12, 2022 at 10:12:09AM +0200, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian....@packages.debian.org
> Usertags: pu
>
> [ Reason ]
> node-xmldom is vulnerable to prototype pollution
>
> [ Impact ]
> Medium security issue
>
> [ Tests ]
> No new test, test passed
>
> [ Risks ]
> Low risk, patch is trivial
>
> [ Checklist ]
> [X] *all* changes are documented in the d/changelog
> [X] I reviewed all changes and I approve them
> [X] attach debdiff against the package in (old)stable
> [X] the issue is verified as fixed in unstable
>
> [ Changes ]
> Add checks to avoid prototype pollution
>
> Cheers,
> Yadd
> diff --git a/debian/changelog b/debian/changelog > index 51d769b..d16e01b 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,10 @@ > +node-xmldom (0.1.27+ds-1+deb10u1) buster; urgency=medium > + > + * Team upload > + * Fix prototype pollution (Closes: #1021618, CVE-2022-37616) > + > + -- Yadd <y...@debian.org> Wed, 12 Oct 2022 10:07:56 +0200 The last buster point release has happened. But this update could go via a DLA. I suggest to contact the LTS team (cc'ing the list). Regards, Salvatore
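Review bot: the "* Fix prototype pollution (Closes: #1021618, CVE-2022-37616)" bullet in the new debian/changelog entry does not name the patch file or the upstream change that carries the fix, so the changelog alone does not tell a reviewer which code was touched; consider naming the added patch in that line. The entry header also targets "buster" with urgency=medium, and the distribution field would need revisiting if the upload goes via a DLA as the reply suggests.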