Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1
From: Yadd <yadd@debian.org>
Date: Sat, 15 Jan 2022 12:52:20 +0100
Message-id: <[🔎] 164224754012.1481694.10962099948878769963.reportbug@deb007.xnr.fr>
Reply-to: Yadd <yadd@debian.org>, 1003765@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
node-markdown-it is vulnerable to regex denial of service
(CVE-2022-21670)

[ Impact ]
Little security issue

[ Tests ]
Test passed

[ Risks ]
Low risk, just a better check

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Replace regex by substitute

Same patch applied to unstable.

Cheers,
Yadd

Reply to:

Follow-Ups:
- Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1
  - From: Yadd <yadd@debian.org>

Prev by Date: Re: please ignore pocl autopkgtest failure on ppc64el
Next by Date: Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1
Previous by thread: Re: please ignore pocl autopkgtest failure on ppc64el
Next by thread: Bug#1003765: bullseye-pu: package node-markdown-it/10.0.0+dfsg-2+deb11u1
Index(es):
- Date
- Thread