[Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
Jérémy Lal
kapouer at melix.org
Wed Dec 27 16:18:52 GMT 2023
Le mer. 27 déc. 2023 à 17:16, Moritz Mühlenhoff <jmm at inutil.org> a écrit :
> [ Also adding Paul Gevers for awareness, for context we're bumping nodejs
> in Bookworm to the latest 18.x security/LTS release ]
>
> On Wed, Dec 27, 2023 at 03:03:20PM +0100 Jérémy Lal wrote:
>
> > I don't think so, there are all either node-undici-related, or just test
> > suites regressions.
> > Here are the details:
> >
> > node-zx is a regression in the test suite only, fixed there:
> >
> https://salsa.debian.org/js-team/node-zx/-/commit/a7d2861413480261890db147ea367a252192c9f2
> >
> > node-yaml is caused by missing node-undici
> >
> > node-v8-compile-cache is a regression in the test suite only, fixed
> there:
> >
> https://salsa.debian.org/js-team/node-v8-compile-cache/-/commit/df42bdbfe84811e4da11d8c3d8ef3148d8a77bcc
> >
> > node-babel7 is a regression in the test suite, fixed there:
> >
> https://salsa.debian.org/js-team/node-babel/-/commit/e5c88f4d765e4d64b60c9cf333dedb89abba39c5
> >
> > node-re2 is caused by missing node-undici
>
> Great, thanks for the detailed analysis!
>
> This means the update to .19 will regress autopkgtests for node-zx,
> node-v8-compile-cache
> and node-babel7, but since these are all only test suite regressions, we
> can just go
> ahead and fix the tests in a subsequent bookworm point update, ok?
>
Ok, so I suppose js-team would need to upload those three packages to t-p-u
?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20231227/64e94b23/attachment.htm>
More information about the Pkg-javascript-devel
mailing list