subject:"Bug#958931\: buster\-pu\: package node\-mongodb\/3.1.13\+\~3.1.11\-2\+deb10u1"

Bug#958931: buster-pu: package node-mongodb/3.1.13+~3.1.11-2+deb10u1

2020-05-01 Thread Adam D. Barratt

Control: tags -1 + confirmed On Sun, 2020-04-26 at 21:45 +0200, Xavier Guimard wrote: > bson (embedded in node-mongodb) is vulnerable to Deserialization of > Untrusted Data. This upstream fix fixes both CVE-2019-2391 and CVE- > 2020-7610. > Please go ahead. Regards, Adam

Bug#958931: buster-pu: package node-mongodb/3.1.13+~3.1.11-2+deb10u1

2020-04-26 Thread Xavier Guimard

Package: release.debian.org Severity: normal Tags: buster User: release.debian@packages.debian.org Usertags: pu Hi, bson (embedded in node-mongodb) is vulnerable to Deserialization of Untrusted Data. This upstream fix fixes both CVE-2019-2391 and CVE-2020-7610. Cheers, Xavier diff --git a/de