[Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
Moritz Mühlenhoff
jmm at inutil.org
Wed Dec 27 16:16:52 GMT 2023
[ Also adding Paul Gevers for awareness, for context we're bumping nodejs
in Bookworm to the latest 18.x security/LTS release ]
On Wed, Dec 27, 2023 at 03:03:20PM +0100 Jérémy Lal wrote:
> I don't think so, there are all either node-undici-related, or just test
> suites regressions.
> Here are the details:
>
> node-zx is a regression in the test suite only, fixed there:
> https://salsa.debian.org/js-team/node-zx/-/commit/a7d2861413480261890db147ea367a252192c9f2
>
> node-yaml is caused by missing node-undici
>
> node-v8-compile-cache is a regression in the test suite only, fixed there:
> https://salsa.debian.org/js-team/node-v8-compile-cache/-/commit/df42bdbfe84811e4da11d8c3d8ef3148d8a77bcc
>
> node-babel7 is a regression in the test suite, fixed there:
> https://salsa.debian.org/js-team/node-babel/-/commit/e5c88f4d765e4d64b60c9cf333dedb89abba39c5
>
> node-re2 is caused by missing node-undici
Great, thanks for the detailed analysis!
This means the update to .19 will regress autopkgtests for node-zx, node-v8-compile-cache
and node-babel7, but since these are all only test suite regressions, we can just go
ahead and fix the tests in a subsequent bookworm point update, ok?
Cheers,
Moritz
More information about the Pkg-javascript-devel
mailing list