Control: severity 1032904 serious

Hi Yadd,

On Wed, Mar 15, 2023 at 09:11:46PM +0100, Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> Hi Yadd,
>
> On 15-03-2023 13:38, Yadd wrote:
> > [ Reason ]
> > node-webpack is vulnerable to cross-realm object access
> > (#1032904, CVE-2023-28154).
>
> This doesn't look like a targeted fix, but rather seems to include much
> more.
>
> How about reverting and providing a fix only for that CVE please?

Have you seen Paul's comment/question above?

We have now a somehow unfortunate situation that the CVE is fixed in unstable, and it is fixed with the last point release as well in bullseye. But it is still open in bookworm.

I will bump for this reason the severity of #1032904 to RC as it is a regression in this regard.

Regards,
Salvatore