Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
node-markdown-it is vulnerable to regex denial of service
(CVE-2022-21670)
[ Impact ]
Little security issue
[ Tests ]
Test passed
[ Risks ]
Low risk, just a better check
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Replace regex by substitute
Same patch applied to unstable.
Cheers,
Yadd
Reply to: