Processed: Re: Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1

2022-11-23 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1022122 [release.debian.org] bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1
Added tag(s) confirmed.

-- 
1022122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022122
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1

2022-11-23 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2022-10-20 at 17:22 +0200, Yadd wrote:
> node-minimatch is vulnerable to ReDoS
> 

Please go ahead.

Regards,

Adam



Bug#1022122: bullseye-pu: package node-minimatch/3.0.4+~3.0.3-1+deb11u1

2022-10-20 Thread Yadd
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
node-minimatch is vulnerable to ReDoS

[ Impact ]
Medium security issue

[ Tests ]
New tests included in patch, passed

[ Risks ]
Low risk, patch is not so big and test passed

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Improve ReDoS protection and add more tests

Cheers,
Yadd