[Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

Moritz Mühlenhoff jmm at inutil.org
Wed Dec 27 13:43:37 GMT 2023


On Thu, Dec 21, 2023 at 11:26:27PM +0100, Jérémy Lal wrote:
> On Thu, 21 Dec 2023 at 20:34, Moritz Mühlenhoff <jmm at inutil.org> wrote:
> 
> > On Thu, Dec 21, 2023 at 11:29:12AM +0100, Jérémy Lal wrote:
> > > On Thu, 21 Dec 2023 at 10:54, Moritz Muehlenhoff <jmm at inutil.org> wrote:
> > >
> > > > On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> > > > > Hi,
> > > > >
> > > > > [CC'ing node-undici uploader]
> > > >
> > >
> > > [CC-ing the good email address for node-undici uploader]
> > >
> > > Attached is a debdiff for a node-undici update (which backports what has
> > > been done in testing).
> >
> > Looks good to me, please build with -sa (since it's the first upload
> > to bookworm-security) and upload to security-master.
> >
> 
> Note that nodejs 18.19.0 doesn't need this node-undici version to be built,
> only typescript consumers need it (when rebuilding packages in bookworm,
> or when simply using a typescript compiler in bookworm).

I checked the autopkgtest results for 18.19 on bookworm (it's running
on security-master and isn't public at this point) and there are
five packages marked as regressing, for which I'm attaching the logs.

Two have explicit references to node-undici (but since the new
node-undici isn't installed into the archive yet, these will only
recover when it's out).

Could you please do a quick pass over these to check whether the other
three are also related, or whether we potentially also need to update
other packages in bookworm?

Cheers,
        Moritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node-babel.log.gz
Type: application/gzip
Size: 105524 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20231227/145b6d95/attachment.gz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node-compile-cache.log.gz
Type: application/gzip
Size: 38405 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20231227/145b6d95/attachment-0001.gz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node-re2.log.gz
Type: application/gzip
Size: 21279 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20231227/145b6d95/attachment-0002.gz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node-yaml.log.gz
Type: application/gzip
Size: 37027 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20231227/145b6d95/attachment-0003.gz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node-zx.log.gz
Type: application/gzip
Size: 46064 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20231227/145b6d95/attachment-0004.gz>