Source: node-static Version: 0.7.11+~0.7.7-2 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for node-static. CVE-2025-11149[0]. Note this CVE is not very clear, and there is node-static in the nubosoftware space. Now the CVE description references [1]. Can you clarify on the state of the two projects? Our packaged one seems to have still the issue? If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-11149 https://www.cve.org/CVERecord?id=CVE-2025-11149 [1] https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67 Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- Pkg-javascript-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
