Hi, Thanks for your reply.
Disclaimer not part of the release team.

On Fri, Jan 31, 2025 at 07:22:36AM +0100, Yadd wrote:
> On 1/30/25 22:26, Salvatore Bonaccorso wrote:
> > Hi,
> >
> > On Thu, Jan 30, 2025 at 06:55:08PM +0100, Yadd wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > Tags: bookworm
> > > X-Debbugs-Cc: node-ax...@packages.debian.org
> > > Control: affects -1 + src:node-axios
> > > User: release.debian....@packages.debian.org
> > > Usertags: pu
> > >
> > > [ Reason ]
> > > In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a
> > > URL object when determining an origin, and has a potentially
> > > unwanted setAttribute('href',href) call.
> > >
> > > [...]
> >
> > Do you know what happened to the 1.2.1+dfsg-1+deb12u1 version?
> > According to the git commit this was aimed to fix CVE-2023-45857 via a
> > point release as well but never got uploaded?
> >
> > Regards,
> > Salvatore
>
> Hi,
>
> I don't remember what happened here.

Ok, guess no worries. Stable release managers, there is a previous
change as well which fixes another no-dsa change which should be
included.

Xavier, maybe you can post the debdiff additionally to the version
which is currently in stable to get the full view.

Regards,
Salvatore