[Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590

Jérémy Lal kapouer at melix.org
Wed Dec 20 20:12:36 GMT 2023


On Wed, 19 Jul 2023 at 21:51, Jérémy Lal <kapouer at melix.org> wrote:

>
>
> On Wed, 19 Jul 2023 at 14:18, Moritz Mühlenhoff <jmm at inutil.org> wrote:
>
>> On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote:
>> > Hi,
>> >
>> > On Fri, 30 Jun 2023 at 19:21, Salvatore Bonaccorso <carnil at debian.org> wrote:
>> >
>> > > Source: nodejs
>> > > Version: 18.13.0+dfsg1-1
>> > > Severity: important
>> > > Tags: security upstream
>> > > X-Debbugs-Cc: carnil at debian.org, Debian Security Team <
>> > > team at security.debian.org>
>> > >
>> > > Hi,
>> > >
>> > > The following vulnerabilities were published for nodejs.
>> > >
>> > > CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
>> > > CVE-2023-30590[3].
>> > >
>> > >
>> > > If you fix the vulnerabilities please also make sure to include the
>> > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>> > >
>> >
>> > It would be interesting to know if we adopt the same plan we had with
>> > security team:
>> > full upstream updates in the same branch, 18.x here.
>>
>> Ack, let's do that. Could you prepare bookworm-security updates
>> based on 18.17.0 (after it has landed in unstable)?
>
>
nodejs 18.19.0 has landed in testing.
It rebuilds fine in bookworm, and test-suite-during-build passes on amd64.

It also requires "node-undici", precisely for that change:

node-undici (5.28.2+dfsg1+~cs23.11.12.3-2) unstable; urgency=medium

  * Build and publish undici-types, needed by new @types/node

Is there a way to deal with this?

Jérémy