subject:"Bug#1036978\: bookworm\-pu\: package node\-undici\/5.15.0\+dfsg1\+\~cs20.10.9.3\-1\+deb12u1"

Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1

2023-06-24 Thread Jonathan Wiltshire

Control: tag -1 confirmed On Wed, May 31, 2023 at 04:00:47PM +0400, Yadd wrote: > [ Reason ] > node-undici is vulnerable to: > * CVE-2023-23936: "Host" HTTP header isn't protected against CLRF injection > * CVE-2023-24807: Regex Denial of Service on headers set/append Please update the

Bug#1036978: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1

2023-05-31 Thread Yadd

Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: node-und...@packages.debian.org Control: affects -1 + src:node-undici [ Reason ] node-undici is vulnerable to: * CVE-2023-23936: "Host" HTTP header isn't protected