On Friday, 2 July 2021 10:36:18 CEST you wrote: > The patch hasn't landed in libuv.git, but here's the patch as applied > by nodejs: > https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d9716318 > 29
This patch modifies a file that was introduced in version 1.24. So I guess that buster and backport are also vulnerables. I will upload a new package to unstable soon. All the best.