Hi,

On Wed, Mar 15, 2023 at 06:33:08AM +0400, Yadd wrote:
> Please unblock package node-sqlite3
>
> [ Reason ]
> A code execution vulnerability was discovered in node-sqlite3 due to the
> underlying implementation of .toString(). It is then possible to execute
> arbitrary JavaScript or to achieve a denial-of-service if a binding
> parameter is a crafted object.
> (CVE-2022-43441)

It's a bit noisy with the other stuff from the upstream release, but I can see
the argument for sticking with it rather than cherry-picking.

Unblocked.

Thanks,

--
Jonathan Wiltshire    j...@debian.org
Debian Developer      http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1