XPost: linux.debian.devel.release
This is a multi-part MIME message sent by reportbug.
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: node-send@packages.debian.org, yadd@debian.org
Control: affects -1 + src:node-send
User: release.debian.org@packages.debian.org
Usertags: pu
[ Reason ]
node-send is vulnerable to an XSS issue (#1081483, CVE-2024-43799)
[ Impact ]
Medium security issue
[ Tests ]
Test updated in patch
[ Risks ]
Low risk, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Don't insert data from user into HTML code
Cheers,
Xavier