[Pkg-javascript-devel] Bug#1108696: nodejs: CVE-2025-23166 for Bookworm
Naaz, Syeda Shagufta
syedashagufta.naaz at siemens.com
Thu Jul 3 11:25:11 BST 2025
Package: nodejs
Version: 18.19.0+dfsg-6~deb12u2
CVE: CVE-2025-23166
Severity: Important
Hi,
The following vulnerability affects the Bookworm nodejs package version 18.19.0+dfsg-6~deb12u2.
CVE-2025-23166<https://security-tracker.debian.org/tracker/CVE-2025-23166>:
Improper error handling in async cryptographic operations crashes process
This issue appears to have already been fixed in the unstable release (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105832). Are there any plans to backport the fix to the Bookworm release as well?
I appreciate your time and guidance on this matter.
Regards,
Syeda Shagufta Naaz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250703/19fe46f2/attachment.htm>
More information about the Pkg-javascript-devel
mailing list