[Pkg-javascript-devel] Bug#1111769: Bug#1111769: node-sha.js: CVE-2025-9288
Yadd
yadd at debian.org
Sat Aug 23 02:56:25 BST 2025
On 8/22/25 11:02, Moritz Mühlenhoff wrote:
> On Thu, Aug 21, 2025 at 11:55:47PM +0200, Yadd wrote:
>> MISSING:
>> sha.js at 2.4.12
>> └── to-buffer (1.2.1)
>> └── typed-array-buffer (1.0.3)
>> └── call-bound (1.0.4)
>> └── call-bind-apply-helpers (1.0.2)
>> └── es-errors (1.3.0)
>> └── (^) es-errors (1.3.0)
>>
>> i can push this new module (with its deps as uscan-components) in new queue.
>> Maybe embed all in node-sha.js package for Trixie/Bookworm ?
>
> I think that would be a sensible workaround, yes.
>
> Cheers,
> Moritz
Hi,
I pushed node-to-buffer in NEW queue to fix node-sha.js in unstable
More information about the Pkg-javascript-devel
mailing list