[Pkg-javascript-devel] Bug#1039990: Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
Moritz Muehlenhoff
jmm at inutil.org
Fri Dec 22 17:23:23 GMT 2023
On Fri, Dec 22, 2023 at 05:47:20PM +0100, Jérémy Lal wrote:
> Le jeu. 21 déc. 2023 à 23:30, Jérémy Lal <kapouer at melix.org> a écrit :
>
> >
> >
> > Le jeu. 21 déc. 2023 à 20:34, Moritz Mühlenhoff <jmm at inutil.org> a écrit :
> >
> >> Am Thu, Dec 21, 2023 at 11:29:12AM +0100 schrieb Jérémy Lal:
> >> > Le jeu. 21 déc. 2023 à 10:54, Moritz Muehlenhoff <jmm at inutil.org> a
> >> écrit :
> >> >
> >> > > On Thu, Dec 21, 2023 at 06:43:35AM +0100, Salvatore Bonaccorso wrote:
> >> > > > Hi,
> >> > > >
> >> > > > [CC'ing node-undici uploader]
> >> > >
> >> >
> >> > [CC-ing the good email address for node-undici uploader]
> >> >
> >> > Attached is a debdiff for a node-undici update (which backports what has
> >> > been done in testing).
> >>
> >> Looks good to me, please build with -sa (since it's the first upload
> >> to bookworm-security) and upload to security-master.
> >>
> >
> > Note that nodejs 18.19.0 doesn't need this node-undici version to be built,
> > only typescript consumers need it (when rebuilding packages in bookworm,
> > or when simply using a typescript compiler in bookworm).
Ack!
> nodejs (18.19.0+dfsg-6~deb11u1) is ready and built with -sa.
The bookworm branch looks good, but the version is wrong, Bookworm was the
12th Debian release, so this should be 18.19.0+dfsg-6~deb12u1 instead.
With that change, please upload to security-master.
Cheers,
Moritz
More information about the Pkg-javascript-devel
mailing list