server.
[ Impact ]
Medium vulnerability
[ Tests ]
No change in test
[ Risks ]
No risk, patch is trivial
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node
issue is verified as fixed in unstable
[ Changes ]
Just replace:
split(/, */)
by
split(',').map(s => s.trim())
[ Other info ]
I adapted patch from 7.4.2 to 1.1.0
Cheers,
Yadd
-32640)
+
+ -- Yadd Wed, 26 May 2021 12:33:11 +0200
+
node-ws (1.1.0+ds1.e6ddaae4-5) unstable; urgency=medium
* Add upstream/metadata
diff --git a/debian/patches/CVE-2021-32640.patch
b/debian/patches/CVE-2021-32640.patch
new file mode 100644
index 000..fd4c9dc
--- /dev/null
+++ b/debian
the package in testing
Sorry for this error...
Cheers,
Yadd
unblock node-cpr/3.0.1-4
diff --git a/debian/changelog b/debian/changelog
index b0e6caf..338ddf1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-cpr (3.0.1-4) unstable; urgency=medium
+
+ * Team upload
On 29/05/2021 at 16:04, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Sat, 2021-05-22 at 12:26 +0200, Yadd wrote:
>> [ Reason ]
>> USPS is sending notices that HTTP access will be turned off shortly,
>> in favor of HTTPS.
>>
>> Given that
/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-got/11.8.1+~cs53.13.17-3
h no major behavior changes in 2.4.x branch [2], but with many CVE
fixes [3].
But maybe there is a better way to fix these vulnerabilities (and future
ones)?
Cheers,
Yadd
[1] https://security-tracker.debian.org/tracker/source-package/apache2
[2] https://downloads.apache.org/httpd/CHANGES_2.
89562, CVE-2021-31618)
+
+ -- Yadd Thu, 10 Jun 2021 11:57:38 +0200
+
apache2 (2.4.46-4) unstable; urgency=medium
* Ignore other random another test failures (Closes: #979664)
diff --git a/debian/patches/CVE-2021-31618.patch
b/debian/patches/CVE-2021-31618.patch
new file mode 100644
inde
Control: retitle -1 unblock: apache2/2.4.46-6
On 10/06/2021 at 12:21, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: secur...@debian.org
>
> Please unblock package
On 10/06/2021 at 14:07, Moritz Muehlenhoff wrote:
> On Thu, Jun 10, 2021 at 02:02:05PM +0200, Yadd wrote:
>> On 10/06/2021 at 12:16, Yadd wrote:
>>> On 10/06/2021 at 11:51, Yadd wrote:
>>>> Hi,
>>>>
>>>> Hopefully there is an ava
On 10/06/2021 at 17:31, Yadd wrote:
> On 10/06/2021 at 14:07, Moritz Muehlenhoff wrote:
>> On Thu, Jun 10, 2021 at 02:02:05PM +0200, Yadd wrote:
>>> On 10/06/2021 at 12:16, Yadd wrote:
>>>> On 10/06/2021 at 11:51, Yadd wrote:
>>>>> Hi,
>>>
ium XSS vulnerability
[ Tests ]
Upstream doesn't provide any test for this package
[ Risks ]
No risk, patch is trivial
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Chee
Control: tags -1 - moreinfo
Control: retitle -1 unblock: acorn/8.0.5+ds+~cs19.19.27-3
On 15/06/2021 at 20:59, Paul Gevers wrote:
> Control: tag -1 moreinfo
>
> Hi Yadd,
>
> On Thu, 20 May 2021 11:29:15 +0200 Paul Gevers wrote:
>> Control: tag -1 confirmed moreinfo
>>
is really big.
Cheers,
Yadd
unblock apache2/2.4.48-2
diff --git a/debian/apache2-data.lintian-overrides
b/debian/apache2-data.lintian-overrides
index 902735d7..fa617892 100644
--- a/debian/apache2-data.lintian-overrides
+++ b/debian/apache2-data.lintian-overrides
@@ -1 +1,5 @@
debian-changelog
On 19/06/2021 at 14:57, Sebastian Ramacher wrote:
> On 2021-06-14 21:08:14 +0200, Moritz Mühlenhoff wrote:
>> Yadd wrote:
>>> Our current apache2 policy keeps a lot of (maybe unimportant) CVEs open
>>> [1].
>>
>> Note that this isn't really accurate:
Control: tags -1 - moreinfo
Control: retitle -1 unblock: apache2/2.4.48-3
On 20/06/2021 at 16:35, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
>
> On 2021-06-19 18:13:16 +0200, Yadd wrote:
>> Package: release.debian.org
>> Severity: normal
>
[ Tests ]
No change in tests, passed
[ Risks ]
Patch is trivial, no risk IMO
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-color-string/1.5.4-2
diff --git a
Cheers,
Yadd
unblock node-millstone/0.6.19-5
diff --git a/debian/changelog b/debian/changelog
index 772caee..48a07e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-millstone (0.6.19-5) unstable; urgency=medium
+
+ * Team upload
+ * Disable another test (Closes
+ (Closes: CVE-2021-35473)
+* Fix XSS on register form
+* Don't display TOTP secret to connected user, neither in logs
+
+ -- Yadd Thu, 22 Jul 2021 22:13:38 +0200
+
lemonldap-ng (2.0.11+ds-3) unstable; urgency=medium
* Add Breaks+Replaces in lemonldap-ng-handler for
diff --
and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-jszip/3.5.0+dfsg-2
diff --git a/debian/changelog b/debian/changelog
index 7994aaf..bbfd736 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-jszip (3.5.0+dfsg-2) unstable
On 26/07/2021 at 22:01, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package node-jszip
>
> [ Reason ]
> node-jszip is vulnerable to a prototype pollution: ra
risk: patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
Cheers,
Yadd
diff --git a/debian/changelog b/debian
ting
Cheers,
Yadd
unblock node-superagent/6.1.0-4
diff --git a/debian/changelog b/debian/changelog
index c548473..9195095 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+node-superagent (6.1.0-4) unstable; urgency=medium
+
+ [ Yadd ]
+ * Fix GitHub tags regex
+ * Uploa
[ Other info ]
I had to update install in debian/rules to fix autopkgtest
Cheers,
Yadd
unblock twitter-bootstrap4/4.5.2+dfsg1-7
diff --git a/debian/changelog b/debian/changelog
index 501299938..a563bd262 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+twitter-bootstrap4
]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-browserslist/4.16.3+~cs5.4.72-3
diff --git a/debian/changelog b/debian/changelog
index f53ddc3..cd122a7 100644
--- a
documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-caniuse-api/3.0.0-3
diff --git a/debian/changelog b/debian/changelog
index 5661f1f..24df880 100644
--- a/debian/changelog
+++ b/debian/changelog
/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-esquery/1.3.1~ds-4
diff --git a/debian/changelog b/debian/changelog
index 8ef57fa..e291d89 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10
to this vulnerabilities (including test updates)
You will find 2 debdiff:
* full debdiff
* relevant debdiff (only index.js changes)
Cheers,
Yadd
unblock node-url-parse/1.5.3-1
diff --git a/index.js b/index.js
index 72b27c0..c6052d5 100644
--- a/index.js
+++ b/index.js
@@ -2,8 +2,9 @@
var
On 31/07/2021 at 13:25, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
>
> Please unblock package node-url-parse
>
> [ Reason ]
> node-url-parse 1.5.1 is vulnerable to URL redir
#991939).
[ Impact ]
Nothing
[ Tests ]
No changes
[ Risks ]
No risks
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock twitter-bootstrap4/4.5.2+dfsg1-8
diff
the package in testing
Cheers,
Yadd
unblock node-setimmediate/1.0.5-6
diff --git a/debian/changelog b/debian/changelog
index a7a5a3c..20055db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+node-setimmediate (1.0.5-6) unstable; urgency=medium
+
+ * Team upload
+ * Fix
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Add new checks
Cheers,
Yadd
diff --git a/debian/changelog b
documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Add new checks
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 83bacd9..8b3a42d
]
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 2331e3e..355b51a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+apr (1.7.0-6+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+
+ [ Salvatore Bonaccorso ]
+ * Out-of-bounds array dereference in
d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
New string hashing algorithm and test.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index c8259297
/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
New string hashing algorithm and test.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 240d1f4d
] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Regex update
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: r...@users.sf.net
Please unblock package pinball
[ Reason ]
pinball has a RC bug due to a bad build dependency to libstdc++
[ Impact ]
Unusable for Bullseye
[ Tests ]
Upstre
diff --git a/debian/changelog b/debian/changelog
index d89bef9..4d8dcd6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pinball (0.3.20201218-2) unstable; urgency=medium
+
+ * d/control: Update preferred libstdc++ version (Closes: #985440)
+ * d/control: Update standards to
Control: reopen -1
Control: tags -1 - moreinfo
Control: retitle -1 unblock: pinball/0.3.20201218-3
Hi,
Philippe added an autopkgtest to pinball. Since this game has no reverse
dependencies (except its pinball tables [2]), I think it is not risky to
unblock it.
Debian Package Tracker[1] mentions
]
shortcutMatch regex is cut into two pieces:
- a simpler regexp
- a distinct change to remove .git suffix
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index b4038a0..f8baeef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-hosted-git-info (2.7.1-1+deb10u1
Control: tags -1 - moreinfo
On 28/03/2021 at 22:24, Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> Hi,
>
> On 25-03-2021 15:04, Yadd wrote:
>> Philippe added an autopkgtest to pinball.
>
> The autopkgtest doesn't test the installed binaries subst
changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other ]
I downgrade autopkgtest to "superficial" since nothing was really tested
(just a node "require"). That's why I'm
Control: tags -1 - moreinfo
On 31/03/2021 at 09:52, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
>
> On 2021-03-30 22:49:43, Yadd wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usert
dependencies
* Remove useless debian/webpack.config.js
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-d3-dsv/1.1.1-4
diff --git a/debian/changelog b/debian
bpack.config.js
>>
>> [ Checklist ]
>> [X] all changes are documented in the d/changelog
>> [X] I reviewed all changes and I approve them
>> [X] attach debdiff against the package in testing
>>
>> Cheers,
>> Yadd
>>
>> unblock no
+node-types-estree and node-types-node (Closes: #979762, #979775, #985702)
+
+ -- Yadd Mon, 22 Mar 2021 12:45:55 +0100
+
node-rollup-pluginutils (4.1.0+~2.8.2-2) unstable; urgency=medium
* Team upload
diff --git a/debian/control b/debian/control
index 6f6f43d..c5ab2ea 100644
--- a
& autopkgtest still works
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-core-js/3.8.2-2
diff --git a/debian/changelog b/debian/chang
de-postcss/8.2.1+~cs5.3.23-6
diff --git a/debian/changelog b/debian/changelog
index 9dba3f7..f7ffc04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-postcss (8.2.1+~cs5.3.23-6) unstable; urgency=medium
+
+ * Team upload
+ * Fix ReDoS vulnerability (Closes: CVE-2021-23368)
+
Xavier
diff --git a/debian/changelog b/debian/changelog
index d4aae875..407f7c48 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+dojo (1.14.2+dfsg1-1+deb10u3) buster; urgency=medium
+
+ * Team upload
+ * Fix cross-site-scripting vulnerability (Closes: #97, CVE-2020-405
ting
Cheers,
Yadd
unblock node-handlebars/4.7.6+~4.1.0-2
diff --git a/debian/changelog b/debian/changelog
index 675dba0..215d5a2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-handlebars (3:4.7.6+~4.1.0-2) unstable; urgency=medium
+
+ * Team upload
+ * Fix remote
] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
More checks for given arguments
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index e49c409..e55d497 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11
the package in testing
[ Other info ]
Patch is trivial, just a regex update
Cheers,
Yadd
unblock node-glob-parent/5.1.1+~5.1.0-2
diff --git a/debian/changelog b/debian/changelog
index 3e6f1d0..e60f126 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-glob-parent (5.1.1+~5.1
adapted to 3.1.0
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 74d0753..46486a7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-glob-parent (3.1.0-1+deb10u1) unstable; urgency=medium
+
+ * Team upload
+ * Fix ReDoS (Closes: CVE-2020-28469
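Review bot: the distribution field in the new top entry reads `unstable` while the version is 3.1.0-1+deb10u1; a +deb10u1 revision is the form used for a buster upload, so the first line should presumably read `node-glob-parent (3.1.0-1+deb10u1) buster; urgency=medium`. Worth correcting before upload so the changelog matches the target suite.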
] the issue is verified as fixed in unstable
[ Changes ]
Test wanted 8 successful checks. The patch requires only 7, so allows
one failure (function not launched probably due to a nodejs change)
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index e08c7c7..4c026c2 100644
--- a/debian
node-redis (3.0.2+~cs5.18.1-3) UNRELEASED; urgency=medium
+
+ * Fix GitHub tags regex
+ * Uploaders: remove Leo Iannacone, thanks for your work!
+ * Fix potential ReDoS (Closes: CVE-2021-29469)
+
+ -- Yadd Sun, 25 Apr 2021 13:54:43 +0200
+
node-redis (3.0.2+~cs5.18.1-2) unstable; urgency=me
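Review bot: the new top entry for 3.0.2+~cs5.18.1-3 still has UNRELEASED as its distribution, whereas the previous entry below it targets unstable. If this debdiff is meant to show what was uploaded, regenerate it from the final changelog with the distribution set to unstable, so the reviewed diff and the archive version agree. The entry also bundles the CVE-2021-29469 ReDoS fix with the GitHub tags regex fix and an Uploaders change; saying in the request that those two are packaging-only would make the security change easier to review.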
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Regex update
Cheers,
Yadd
diff --git a/debian/changelog b/debian
debdiff against the package in testing
Cheers,
Yadd
unblock node-postcss/8.2.1+~cs5.3.23-7
diff --git a/debian/changelog b/debian/changelog
index f7ffc04..a66396e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-postcss (8.2.1+~cs5.3.23-7) unstable; urgency=medium
On 29/04/2021 at 10:32, Yadd wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
>
> Please unblock package node-postcss
>
> [
On 29/04/2021 at 10:50, Yadd wrote:
> On 29/04/2021 at 10:32, Yadd wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian@packages.debian.org
>> Usertags: unblock
>> X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
the package in testing
Cheers,
Yadd
unblock node-browserslist/4.16.3+~cs5.4.72-2
diff --git a/debian/changelog b/debian/changelog
index ee4d58f..f53ddc3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+node-browserslist (4.16.3+~cs5.4.72-2) unstable; urgency=medium
risk, just a transitional package
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other ]
acorn is in NEW queue since March 30th 2021
Cheers,
Yadd
unblock acorn/8.0.5+ds
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd (from hospital ;-))
unblock cyrus-imapd/3.2.6-2
diff --git a/debian/changelog b/debian/changelog
index bc383a9c..150929df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3
,
Yadd (from hospital)
unblock pkg-js-tools/0.9.65
diff --git a/debian/changelog b/debian/changelog
index 9647851..def7239 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+pkg-js-tools (0.9.65) unstable; urgency=medium
+
+ * Force package.json install even if removed by
in testing
[ Other ]
Patch includes debian/watch update due to GitHub changes
Cheers,
Yadd (from hospital)
unblock node-got/11.8.1+~cs53.13.17-2
diff --git a/debian/changelog b/debian/changelog
index b70fffc..c1ca5b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-got
] attach debdiff against the package in testing
[ Other info ]
This patch also:
* update GitHub tags regex in debian/watch
* mark autopkgtest with 'needs-internet' (which was missing)
Cheers,
Yadd (still from hospital ;-))
unblock node-millstone/0.6.19-4
diff --git a/debian/changelo
ented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock libbusiness-us-usps-webtools-perl/1.125-1
diff --git a/Changes b/Changes
index ad21fdc..0134ec1 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,21 @@
Rev
es and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
API change
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3a65ac0..964b422 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -
in unstable
[ Changes ]
New check to verify key
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index a836bdb..1ae7498 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-set-value (3.0.1-2+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Fix
] the issue is verified as fixed in unstable
[ Changes ]
Better checks
[ Other info ]
Note that we could upload a 0.11.8-1~deb11u1: there are no differences
except a documentation update. If you agree, I prefer this way.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index f1e6929
documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Use trim() instead of a regex
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 88ae229
, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Regex improvement
Cheers,
Yadd
diff --git a
, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Regex improvement
Cheers,
Yadd
diff --git a
release since change is exactly CVE
fix.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 56d7a9c..c57aa87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-ansi-regex (5.0.1-1~deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * New upstream version
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Regex improvement
Cheers,
Yadd
diff --git a/debian/changelog b/debian
Control: tags -1 - moreinfo
On 30/09/2021 at 20:58, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Tue, 2021-09-21 at 14:49 +0200, Yadd wrote:
>> node-prismjs is vulnerable to a Regex Denial of Service (ReDoS)
>> (CVE-2021-40438)
>>
>
> Accordin
Control: tags -1 - moreinfo
On 30/09/2021 at 21:33, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Tue, 2021-09-21 at 14:56 +0200, Yadd wrote:
>> node-prismjs is vulnerable to a Regex Denial of Service (ReDoS)
>> (CVE-2021-40438)
>>
>
> As with t
Control: tags -1 - moreinfo
On 30/09/2021 at 21:45, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Thu, 2021-07-29 at 13:07 +0200, Yadd wrote:
>> node-jszip is vulnerable to a prototype pollution (CVE-2021-23413)
>>
>
> + * Fix a null prototype object
* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
New check
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 52c376a
* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
New check
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 52c376a..ebd18a4
] the issue is verified as fixed in unstable
[ Changes ]
Just a security check
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index e137315..48b298f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+jqueryui (1.12.1+dfsg-8+deb11u1) bullseye; urgency=medium
is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Just an additional check
Cheers,
Yadd
diff --git a
Control: tags -1 - moreinfo
On 03/12/2021 17:30, Adam D. Barratt wrote:
Control: tags -1 + moreinfo
On Tue, 2021-11-09 at 08:25 +0100, Salvatore Bonaccorso wrote:
Hi,
On Mon, Nov 08, 2021 at 12:27:03PM +0100, Yadd wrote:
[...]
Jquery-UI is the official jQuery user interface library. Prior
On 11/12/2021 18:42, Adam D. Barratt wrote:
On Mon, 2021-12-06 at 08:39 +0100, Yadd wrote:
sorry, here is the new debdiff
Thanks.
What's the rationale for this change?
--- a/debian/rules
+++ b/debian/rules
@@ -89,8 +89,8 @@ override_dh_auto_test: jquery-ui.js jquery-ui.min.js
themes
,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 5bfcaa7..63c3770 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-follow-redirects (1.13.1-1+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Drop Cookie header across domains (Closes: CVE-2022-0155
.
Cheers,
Yadd
On 15/01/2022 12:52, Yadd wrote:
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
node-markdown-it is vulnerable to regex denial of service
(CVE-2022-21670)
[ Impact ]
Little security issue
[ Tests ]
Test passed
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Clean headers before request
Cheers,
Yadd
diff --git a/debian
, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
Cheers,
Yadd
diff --git a/debian/changelog b/debian
* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Replace regex by string parse
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index
assed
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Replace regex with hand-rolled parser
Cheers,
Yadd
diff --git a/d
+ * Drop Cookie header across domains (Closes: CVE-2022-0155)
+ * Drop confidential headers across schemes (Closes: CVE-2022-0536)
+
+ -- Yadd Sat, 12 Feb 2022 12:05:01 +0100
+
node-follow-redirects (1.13.1-1) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2022-0155
change
* Encode commandline arguments
[ Other info ]
I patched source files and regenerated minified files using uglifyjs
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index f70003b..956abf2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+node-prismjs
On 23/02/2022 22:44, Salvatore Bonaccorso wrote:
hi,
On Wed, Feb 23, 2022 at 10:27:33PM +0100, Moritz Mühlenhoff wrote:
On Mon, Feb 21, 2022 at 01:57:54PM +0100, Yadd wrote:
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
Same change is applied to CheckState plugin (no major risk here, this
plugin is reserved to LLNG administrators).
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index a56d54279..f6be653a8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lemonldap-ng (2.0.11+ds-4+deb
ng (2.0.2+ds-7+deb10u7) buster; urgency=medium
+
+ * Add gsfonts in recommended dependencies (Closes: #982534)
+ * Fix auth process in password-testing plugins (Closes: CVE-2021-20874)
+
+ -- Yadd Thu, 24 Feb 2022 16:31:07 +0100
+
lemonldap-ng (2.0.2+ds-7+deb10u6) buster-security; urgency=med
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3bfa0f2..32f71e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-mermaid (8.7.0+ds+~cs27.17.17-3+deb11u1) bullseye; urgency=medium
+
+ * Decode html entities before sanitizing (Closes: CVE-2021-23648
are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Better checks
[ Other info ]
Upstream patch applied without any change
Cheers,
Yadd
diff --git a
,
Yadd
diff --git a/debian/changelog b/debian/changelog
index bd1ee3d..a11ea65 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-node-forge (0.8.1~dfsg-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Fix signature verification
+(Closes: CVE-2022-24771, CVE-2022
unstable
[ Changes ]
Better object check
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index c2fbfe1..a2262fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-minimist (1.2.5+~cs5.3.1-2+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Fix prototype