Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-socket.io-par...@packages.debian.org
Control: affects -1 + src:node-socket.io-parser

Please unblock package node-socket.io-parser

[ Reason ]
node-socket.io-parser is vulnerable to CVE-2023-32695: a malformed packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

[ Impact ]
Medium security issue

[ Tests ]
Test updated, passed

[ Risks ]
No risk:
 * patch is trivial
 * the patch is a revert, version 4.0.2 (Bullseye) isn't vulnerable even if included in the report (see https://github.com/socketio/socket.io/discussions/4721)

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Cheers,
Yadd

unblock node-socket.io-parser/4.2.1+~3.1.0-2