On 3/15/23 16:38, Yadd wrote:
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-webp...@packages.debian.org
Control: affects -1 + src:node-webpack
Please unblock package node-webpack
[ Reason ]
node-webpack is vulnerable to cross-realm object access
(#1032904, CVE-2023-28154).
[ Impact ]
Medium security issue
[ Tests ]
Test updated, passed
[ Risks ]
Low risk, autopkgtest passed on all reverse dependencies
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
The attached debdiff doesn't show the doc and test snapshot updates,
else debdiff is really big and not relevant.
Cheers,
Yadd
unblock node-webpack/5.76.1+dfsg1+~cs17.16.16-1
Sorry, I didn't see that node-webpack was considered as key package.
