[Pkg-javascript-devel] Bug#1036660: unblock: node-socket.io-parser/4.2.1+~3.1.0-2

Yadd yadd at debian.org
Wed May 24 04:39:34 BST 2023


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-socket.io-parser at packages.debian.org
Control: affects -1 + src:node-socket.io-parser

Please unblock package node-socket.io-parser

[ Reason ]
node-socket.io-parser is vulnerable to CVE-2023-32695: a malformed
packet can trigger an uncaught exception on the Socket.IO server,
thus killing the Node.js process.

[ Impact ]
Medium security issue

[ Tests ]
Test updated, passed

[ Risks ]
No risk:
 * patch is trivial
 * the patch is a revert, version 4.0.2 (Bullseye) isn't vulnerable even
   if included in the report
   (see https://github.com/socketio/socket.io/discussions/4721)

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

Cheers,
Yadd

unblock node-socket.io-parser/4.2.1+~3.1.0-2


