in unstable
[ Changes ]
Drop headers Host/Cookie unless same-origin
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 92c0de8..168ee34 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-undici (5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2) bookworm; urgency
On 10/8/23 16:10, Jonathan Wiltshire wrote:
Hi,
This request was approved but not uploaded in time for the previous point
release (11.8). Should it be included in 11.9, or should this request be
abandoned and closed?
Sorry, I was travelling. I just pushed the update
Thanks!
On 10/8/23 16:04, Jonathan Wiltshire wrote:
Hi,
This request was approved but not uploaded in time for the previous point
release (11.8). Should it be included in 11.9, or should this request be
abandoned and closed?
Sorry, I was travelling. I just pushed the update
Thanks!
On 10/8/23 16:03, Jonathan Wiltshire wrote:
Hi,
This request was approved but not uploaded in time for the previous point
release (11.8). Should it be included in 11.9, or should this request be
abandoned and closed?
Sorry, I was travelling. I just pushed the update
Thanks!
On 10/8/23 15:55, Jonathan Wiltshire wrote:
Hi,
This request was approved but not uploaded in time for the previous point
release (11.8). Should it be included in 11.9, or should this request be
abandoned and closed?
Sorry, I was travelling. I just pushed the update
Thanks!
o list authorized "request_uris"
* change the algorithm that manage request_uri parameter
Cheers,
Yadd
diff --git a/debian/NEWS b/debian/NEWS
index c4d7ee951..ba4a14a12 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,13 @@
+lemonldap-ng (2.0.11+ds-4+deb11u5) bullseye; urgency=medi
parameter.
+ By default, this feature is now restricted to a white list. See
+ Relying-Party security option to fill this field.
+
+ -- Yadd Fri, 29 Sep 2023 17:15:03 +0400
+
lemonldap-ng (2.0.9+ds-1) unstable; urgency=medium
CVE-2020-24660
diff --git a/debian/changelog b/debian/chang
e respects the config when login comes from
AuthSlave
* Sanitize URLs used in redirections
* Tests
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 8de0d083f..268c0d993 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+lemonldap-ng (2.16.1+ds-deb12u1)
ove them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
* fix dpkg --compare-versions use
* update doc to replace minimal 3.2.10 by 3.2.6-2+deb11u2
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index a6d3c
:26AM +0400, Yadd wrote:
[ Reason ]
node-dottie is vulnerable to prototype pollution (#1040592,
CVE-2023-26132)
By all means go ahead, but it can't be accepted until the situation
in
testing is fixed up (unless we propogate the version from
bookworm-proposed-updates to testing).
The provided
Control: tags -1 - moreinfo
On 7/25/23 21:02, Jonathan Wiltshire wrote:
Control: tag -1 moreinfo
On Fri, Apr 21, 2023 at 11:36:54AM +0400, Yadd wrote:
diff --git a/debian/changelog b/debian/changelog
index 628f69a..106d13b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10
On 7/7/23 21:43, Jonathan Wiltshire wrote:
Control: tag -1 moreinfo
On Fri, Jul 07, 2023 at 09:01:40PM +0400, Yadd wrote:
[ Reason ]
node-tough-cookie is vulnerable to prototype pollution
How has this been fixed in unstable? You'll need an upload there anyway for
version ordering.
Thanks
is verified as fixed in unstable
Regards,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 0053d7ee..a07dd9d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-webpack (5.75.0+dfsg+~cs17.16.14-1+deb12u1) bookworm; urgency=medium
+
+ * Team upload
+ * Avoid cross
are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Install missing /usr/share/nodejs/seek-bzip/bin files and fix links in
/usr/bin
Regards,
Yadd
diff
as fixed in unstable
[ Changes ]
Don't allow __proto__ modifications.
Patch includes also debian/tests/pkg-js/enable_proto file to allow
__proto__ calls during autopkgtest (forbidden by default) because patch
includes a prototype-pollution test
Cheers,
Yadd
diff --git a/debian/changelog b/debian
as fixed in unstable
[ Changes ]
Don't allow __proto__ modifications.
Patch includes also debian/tests/pkg-js/enable_proto file to allow
__proto__ calls during autopkgtest (forbidden by default) because patch
includes a prototype-pollution test
Cheers,
Yadd
diff --git a/debian/changelog b/debian
as fixed in unstable
[ Changes ]
Create new object instead of using default {}
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3652359..84339cf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-tough-cookie (4.0.0-2+deb11u1) bullseye; urgency=medium
as fixed in unstable
[ Changes ]
Create new object instead of using default {}
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3652359..a8e8b7e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-tough-cookie (4.0.0-2+deb12u1) bookworm; urgency=medium
On 6/1/23 13:44, Paul Gevers wrote:
control: tags -1 moreinfo
Hi Yadd,
On 29-05-2023 05:58, Yadd wrote:
On 5/28/23 10:29, Graham Inggs wrote:
On Wed, 3 May 2023 at 04:51, Yadd wrote:
How about reverting and providing a fix only for that CVE please?
instead of reverting and have a too
On 5/31/23 23:30, Salvatore Bonaccorso wrote:
Hi Yadd,
On Wed, May 31, 2023 at 03:13:06PM +0400, Yadd wrote:
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: jquer...@packages.debian.org
Control: affects -1
Cheers,
Yadd
unblock jquery-minicolors/2.3.5+dfsg-4
diff --git a/debian/changelog b/debian/changelog
index 1e959f0..dcf5b2f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+jquery-minicolors (2.3.5+dfsg-4) unstable; urgency=medium
+
+ * Team upload
+ * Declare compliance
nges and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Just new little checks
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3a69b63..92c0de8 100644
--- a/debian/changelog
+++ b/debian/changel
] the issue is verified as fixed in unstable
[ Changes ]
Don't accept label outside of the root element
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3a6a587..9b1e9cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+jqueryui (1.12.1+dfsg-8+deb11u2
all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Refuse to copy a file if destination is a symlink
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 23c3145..dcebea4 100644
the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Update URL split to fix user and password values if any
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 842b4ff..c261d0e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10
iff against the package in testing
Cheers,
Yadd
unblock node-babel7/7.20.15+ds1+~cs214.269.168-3
diff --git a/debian/changelog b/debian/changelog
index d445ccc55..f0ff6d95f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-babel7 (7.20.15+ds1+~cs214.269.168-3) unsta
On 5/28/23 10:29, Graham Inggs wrote:
tags -1 + moreinfo
Hi Yadd
On Wed, 3 May 2023 at 04:51, Yadd wrote:
here is the current debdiff (without the big removal of useless
discoveryjs-json-ext/benchmarks)
I removed the moreinfo tag before realizing this is exactly the same
as the first
) isn't vulnerable even
if included in the report
(see https://github.com/socketio/socket.io/discussions/4721)
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock
Control: retitle -1 unblock: node-is-docker/3.0.0-6
Hi,
a dependency to nodejs:any was missing, here is a new debdiff
Cheers,
Yadd
unblock node-is-docker/3.0.0-6diff --git a/debian/changelog b/debian/changelog
index 5270a2c..0f4d72d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3
On 5/23/23 13:25, Yadd wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-isomorphic-fe...@packages.debian.org
Control: affects -1 + src:node-isomorphic-fetch
Please unblock package node-isomorphic-fetch
/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-isomorphic-fetch/3.0.0-3
[ Impact ]
Just a dandling link
[ Tests ]
No change
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-jschardet/3.0.0+dfsg+~1.4.0-2
]
Library unusable in command-line
[ Tests ]
No changes
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-is-docker/3.0.0-5
diff --git
unusable in command line
[ Tests ]
No changes
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-shelljs/0.8.5+~cs0.8.10-2
diff --git
fix-OP-acr-parsing.patch is trivial
* the fix-viewer-endpoint.patch is just a partial revert
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock lemonldap-ng/2.16.1+ds-2
On 5/11/23 11:38, Paul Gevers wrote:
Hi Yadd,
On 06-05-2023 22:22, Yadd wrote:
unblock node-yaml/2.1.3-2
done, but
--- node-yaml-2.1.3/debian/tests/control 1970-01-01
00:00:00.0 +
+++ node-yaml-2.1.3/debian/tests/control 2023-05-06
05:56:19.0 +
Sorry, little error. Here is the new debdiff for
node-source-map/0.7.0++dfsg2+really.0.6.1-15
Cheers,
Yadd
On 5/11/23 10:57, Yadd wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-source
, then updates from Bullseye dropped
the copyright.
[ Impact ]
Missing copyright
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-source-map/0.7.0
lintian-brush
* a little test paths fix because test failed on platforms where the
"debian" word was in the build root path (especially salsa)
Cheers,
Yadd
unblock node-yaml/2.1.3-2
diff --git a/debian/changelog b/debian/changelog
index 3265e73..5d44f16 100644
--- a/debian/changelog
++
Risks ]
No risk here
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-core-js/3.26.1-3diff --git a/debian/changelog b/debian/changelog
index f85b17e..953664b
)
[ Impact ]
Just a dandling link that makes piupart cry
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-source-map/0.7.0++dfsg2
On 5/2/23 23:26, Paul Gevers wrote:
Hi Yadd,
On 02-05-2023 10:15, Yadd wrote:
extracting only CVE patch means:
* keep some (unimportant) bugs in Bullseye
* publish such version number:
5.76.1+dfsg1+~cs17.16.16+really~5.75.0+dfsg+~cs17.16.14-1
Indeed, both are totally acceptable. Can
On 4/29/23 16:00, Salvatore Bonaccorso wrote:
Control: severity 1032904 serious
Hi Yadd,
On Wed, Mar 15, 2023 at 09:11:46PM +0100, Paul Gevers wrote:
Control: tags -1 moreinfo
Hi Yadd,
On 15-03-2023 13:38, Yadd wrote:
[ Reason ]
node-webpack is vulnerable to cross-realm object access
ed, passed.
[ Risks ]
Low risk, the main changes Have been in unstable for 2 months and didn't
generate any regressions.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yad
"Replaces" to manage
file conflicts. This update just adds this.
[ Risks ]
No risk here
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-jest/29.3
, it needs a "Replaces" to manage
file conflicts. This update just adds this.
[ Risks ]
No risk here
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-c
, it needs a "Replaces" to manage
file conflicts. This update just adds this.
[ Risks ]
No risk here
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock
)
[ Risks ]
No risk
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-parse5/7.1.2+dfsg-2
diff --git a/debian/changelog b/debian/changelog
index 94e7e84
uot; to manage
file conflicts. This update just adds this.
[ Risks ]
No risk here
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-npm-run-path/5.1.0+~4.0.0-8
quot; to manage
file conflicts. This update just adds this.
[ Risks ]
No risk here
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-whatwg-fetch/3.6.2-7
diff --gi
On 4/22/23 13:14, Sebastian Ramacher wrote:
Control: tags -1 moreinfo
On 2023-04-21 11:16:32 +0400, Yadd wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-xml...@packages.debian.org
Control: affects -1
against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Replace {} by Object.create(null)
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 628f69a..106d13b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-xml2js
] attach debdiff against the package in testing
Cheers,
Yadd
unblock node-xml2js/0.4.23+~cs15.4.0+dfsg-5
diff --git a/debian/changelog b/debian/changelog
index 98492d7..9d9dac7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+node-xml2js (0.4.23+~cs15.4.0+dfsg-5) unstable
in testing
Cheers,
Yadd
unblock node-ua-parser-js/0.8.1+ds+~0.7.36-3
diff --git a/debian/changelog b/debian/changelog
index 97dc70f..fe75bc4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-ua-parser-js (0.8.1+ds+~0.7.36-3) unstable; urgency=medium
+
+ * Team upload
+ * Update
/register and buble/register (Debian uses
@babel/register, no more babel/register)
* test modules: drop embedded "expect" and add patch to use
Debian's node-expect (provided by jest)
* lintian-brush:
* update lintian tags
* update metadata
* update debian/watch
Cheers,
Yadd
un
in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
This debdiff adds also some tips from lintian-brush (lintian tags and
metadata update)
Cheers,
Yadd
unblock node-sinon/14.0.2+ds+~cs74.13.25-2
diff --git a/debian
nd I approve them
[X] attach debdiff against the package in testing
[ Other info ]
This change includes a lintian-brush fix (little things in lintian +
policy 4.6.2)
Regards,
Yadd
unblock node-sockjs-client/1.6.1+dfsg1-2
diff --git a/debian/changelog b/debian/changelog
index d68db9b..77c59b4 10
copyright
[ Tests ]
No code change
[ Risks ]
No risk here, no code change.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
Cheers,
Yadd
unblock cyrus-imapd/3.6.1-4
diff --git
Control: tags -1 - confirmed
On 4/1/23 22:47, Moritz Mühlenhoff wrote:
Am Sat, Apr 01, 2023 at 08:32:55AM +0400 schrieb Yadd:
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: apac...@packages.debian.org
Control
against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Drop apache2-doc.postinst
[ Other ]
Fixed in testing/Bookworm in version 2.4.54-3.
Cheers,
Yadd
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index ..c048ae45
--- /dev/null
+++ b
in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Update of debian/copyright
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 9d1408cb..a6d3c31a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+cyrus-imapd (3.6.1-4) unstable; urgency
to restore
previous behavior.
[ Other info ]
I didn't pushed yet the already accepted patch for deb11u3 (#1030598).
Maybe we could join and push directly deb11u4 into Bullseye.
Cheers,
Yadd
diff --git a/debian/NEWS b/debian/NEWS
index b8955920b..c4d7ee951 100644
--- a/debian/NEWS
+++ b/debian/NE
On 3/15/23 16:38, Yadd wrote:
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: node-webp...@packages.debian.org
Control: affects -1 + src:node-webpack
Please unblock package node-webpack
[ Reason ]
node-webpack
against the package in testing
[ Other info ]
The attached debdiff doesn't show the doc and test snapshot updates,
else debdiff is really big and not relevant.
Cheers,
Yadd
unblock node-webpack/5.76.1+dfsg1+~cs17.16.16-1
diff --git a/README.md b/README.md
index c712d27f..a6549c1c 100644
upstream releases in bullseye-security, we need to have apache2
2.4.56 in testing before releasing apache2 2.4.56~deb11u1 in
stable-security.
Best regards,
Yadd
b/debian/changelog
@@ -1,3 +1,14 @@
+node-sqlite3 (5.1.5+ds1-1) unstable; urgency=medium
+
+ * Team upload
+ * Update lintian override info format in d/source/lintian-overrides
+on line 2-3
+ * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse
+ * Update standards versi
] the issue is verified as fixed in unstable
[ Changes ]
Better isolation in distinct Node.js vm for each object to parse before
setting keys in vulnerable object
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 4bbdc0d3..dcd60ee0 100644
--- a/debian/changelog
+++ b/debian
On 3/4/23 20:14, Paul Gevers wrote:
Hi Yadd,
On 22-08-2022 22:01, Paul Gevers wrote:
On 22-08-2022 17:26, Yadd wrote:
could you remove node-request from testing ? Following #956423, it
shouldn't be part of next stable release. All its reverse dependencies
are already removed from testing
[ Changes ]
Check if cookie is not too big
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index d31a10d..2ecbcad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-cookiejar (2.1.2-1+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Add a guard against
in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Use URI to test base64 encoded URL instead of custom regex.
Cheers,
Yadd
diff --git a/debian/changelog b/debian
as fixed in unstable
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index fef8d26..0aa0bd6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-json5 (2.1.3-2+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * add __proto__ to objects and arrays (Closes
On 04/12/2022 19:11, Adam D. Barratt wrote:
[...]
Hi,
no that's the reverse, I cleaned deb11u1 patch in deb11u2, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1022122;filename=node-minimatch_3.0.4%2B~3.0.3-1%2Bdeb11u1%2Bdeb11u2.debdiff;msg=42
(cumulative debdiff)
Right,
On 04/12/2022 19:03, Adam D. Barratt wrote:
On Tue, 2022-11-29 at 11:14 +0100, Yadd wrote:
On 29/11/2022 10:56, Yadd wrote:
On 28/11/2022 22:11, Paul Gevers wrote:
Hi Yadd,
On Sat, 26 Nov 2022 13:01:22 + Adam D Barratt
wrote:
The upload referenced by this bug report has been flagged
On 29/11/2022 11:25, Yadd wrote:
On 29/11/2022 11:14, Yadd wrote:
On 29/11/2022 10:56, Yadd wrote:
On 28/11/2022 22:11, Paul Gevers wrote:
Hi Yadd,
On Sat, 26 Nov 2022 13:01:22 + Adam D Barratt
wrote:
The upload referenced by this bug report has been flagged for
acceptance
] the issue is verified as fixed in unstable
Replace custom url parsing by `url` functions.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 7a55fa8..a913487 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-hawk (8.0.1+dfsg-2+deb11u1) bullseye; urgency
[ Changes ]
Just verity that key isn't __proto__ before updating object keys
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3734d04..774ba07 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-qs (6.9.4+ds-1+deb11u1) bullseye; urgency=medium
+
+ * Team
On 29/11/2022 11:14, Yadd wrote:
On 29/11/2022 10:56, Yadd wrote:
On 28/11/2022 22:11, Paul Gevers wrote:
Hi Yadd,
On Sat, 26 Nov 2022 13:01:22 + Adam D Barratt
wrote:
The upload referenced by this bug report has been flagged for
acceptance into the proposed-updates queue for Debian
On 28/11/2022 22:11, Paul Gevers wrote:
Hi Yadd,
On Sat, 26 Nov 2022 13:01:22 + Adam D Barratt
wrote:
The upload referenced by this bug report has been flagged for
acceptance into the proposed-updates queue for Debian bullseye.
Thanks for your contribution!
Upload details
XML document before change it
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index e486812..50d0288 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-xmldom (0.5.0-1+deb11u2) bullseye; urgency=medium
+
+ * Team upload
+ * Prevent inserting DOM nodes when
On 14/11/2022 11:01, Yadd wrote:
Hi,
here is another update to fix CVE-2022-37599 (trivial patch).
Cheers,
Yadd
This fix also CVE-2022-37603 (duplicate of CVE-2022-37599)diff --git a/debian/changelog b/debian/changelog
index 7d05292..aace5b2 100644
--- a/debian/changelog
+++ b/debian
upload
+ * Fix prototype pollution (Closes: CVE-2022-37601)
+ * Fix ReDos (Closes: CVE-2022-37599)
+
+ -- Yadd Mon, 14 Nov 2022 10:58:58 +0100
+
node-loader-utils (2.0.0-1) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2022-37599.patch
b/debian/patches/CVE-2022
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Replace {} by Object.create(null)
Cheers,
Yadd
diff --git a/debian
passed
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Improve ReDoS protection and add more tests
Cheers,
Yadd
]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Add checks to avoid prototype pollution
Cheers,
Yadd
diff --git a/debian
pollution. Update also snapshots during
test (`jest -u`)
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 41abbd3..e486812 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-xmldom (0.5.0-1+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Fix
On 11/10/2022 18:56, Adam D. Barratt wrote:
On Tue, 2022-10-11 at 09:57 +0200, Yadd wrote:
On 11/10/2022 09:27, Sebastian Ramacher wrote:
On 2022-10-11 06:50:09 +0200, Yadd wrote:
node-jest is still blocked in unstable but I can't understand
why:
* tracker.d.o reports nothing
* Britney
On 11/10/2022 09:27, Sebastian Ramacher wrote:
On 2022-10-11 06:50:09 +0200, Yadd wrote:
On 09/10/2022 16:42, Yadd wrote:
On 09/10/2022 15:26, Paul Gevers wrote:
Hi Yadd,
[For the future, these mails should go to the release team. I'm not
the only one in the team, and there is nothing secret
On 09/10/2022 16:42, Yadd wrote:
On 09/10/2022 15:26, Paul Gevers wrote:
Hi Yadd,
[For the future, these mails should go to the release team. I'm not
the only one in the team, and there is nothing secret here].
On 09-10-2022 07:44, Yadd wrote:
4 packages are blocked in unstable but I don't
On 09/10/2022 15:26, Paul Gevers wrote:
Hi Yadd,
[For the future, these mails should go to the release team. I'm not the
only one in the team, and there is nothing secret here].
On 09-10-2022 07:44, Yadd wrote:
4 packages are blocked in unstable but I don't understand where is the
problem
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index bf5c2b47
ot; option for writing.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index f6be653a8..c276c65c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+lemonldap-ng (2.0.11+ds-4+deb11u2) bullseye; urgency=medium
+
+ * Add patch to improve session destroy propagati
testing ?
Cheers,
Yadd
-matrix-sdk).
Cheers,
Yadd
On 30/07/2022 16:45, Paul Gevers wrote:
Control: reopen -1
Control: retitle -1 britney recursive installability test in autopkgtest
Hi Yadd,
On 30-07-2022 15:58, Yadd wrote:
Node.js isn't available on armel, and the consequence will be to not
fix some CVEs/BTS during freeze. Hope none of them
> Hi Jérémy,
>
> On 29-07-2022 19:36, Jérémy Lal wrote:
> > when a package pass all autopkgtests it can migrate in 2 days,
> > however if it depends on an architecture that reports "Not a
> > regression",
> > it seems that the bonus is lost and the package must wait 5 days.
>
> That's by design.
, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Regexp improvement
Cheers,
Yadd
diff --git
to 0600
Regards,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 75dbfc2..00af70f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-log4js (6.3.0+~cs8.3.10-1+deb11u1) bullseye; urgency=medium
+
+ * Changed default file modes from 0o644 to 0o600 for better
On 21/06/2022 08:30, Salvatore Bonaccorso wrote:
Hi Yadd,
On Sat, May 28, 2022 at 09:20:40PM +0100, Adam D. Barratt wrote:
Control: tags -1 + confirmed
On Mon, 2022-03-21 at 14:09 +0100, Yadd wrote:
node-mermaid is vulnerable to XSS attack (CVE-2021-23648)
Please go ahead.
Could you fix
red error is no more
an error.
Regards,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 9cda1ef..a4bd358 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-got (11.8.1+~cs53.13.17-3+deb11u1) bullseye; urgency=medium
+
+ * Team upload
+ * Don't allow redirection to
/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Cyrus tools now check if mailbox id is really unique.
Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index
1 - 100 of 218 matches
Mail list logo