[Pkg-javascript-devel] Bug#1084983: Bug#1084983: node-dompurify: CVE-2024-47875
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 19 14:32:00 BST 2024
Hi Yadd, hi Moritz,
On Sat, Oct 12, 2024 at 07:37:45PM +0200, Yadd wrote:
> On 10/12/24 18:08, Moritz Mühlenhoff wrote:
> > On Sat, Oct 12, 2024 at 04:14:14PM +0200, Yadd wrote:
> > > Hi,
> > >
> > > here is a debdiff for bookworm
> >
> > Please upload to security-master, thanks!
> >
> > Cheers,
> > Moritz
>
> Hi,
>
> it's done
Please correct me if I'm wrong, but haven't we here introduced now
CVE-2024-45801 for bookworm?
The GHSA-gx9m-whjm-85jf mentioned to be cautious when cherry-picking
commits, in fact the commit 0ef5e537a514f904b6aa1d7ad9e749e365d7185f
introduces then CVE-2024-45801.
Do we need now a followup to fix node-dompurify in bookworm for
CVE-2024-45801?
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list