[Pkg-javascript-devel] Bug#1039990: Bug#1039990: nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 30 19:57:15 BST 2023
Hi
[CC'ing the security team alias]
On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote:
> Hi,
>
> Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso <carnil at debian.org> a
> écrit :
>
> > Source: nodejs
> > Version: 18.13.0+dfsg1-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: carnil at debian.org, Debian Security Team <
> > team at security.debian.org>
> >
> > Hi,
> >
> > The following vulnerabilities were published for nodejs.
> >
> > CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and
> > CVE-2023-30590[3].
> >
> >
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> >
>
> It would be interesting to know if we adopt the same plan we had with
> security team:
> full upstream updates in the same branch, 18.x here.
Yes I think we can do the same for bookworm and follow the 18.x
releases given it is a LTS branch. Unless you have some reason to
believe it would not be wise to do for the 18.x series.
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list