Control: tags -1 moreinfo Hi,
On Sun, 20 Jul 2025 11:21:45 +0200 Bastien Roucaries <ro...@debian.org> wrote:
[ Reason ] Affected by a ReDoS (outside upstream security support) but this block autopkgtest for angular.js affected by about 10 CVEs
Can you please explain why upstream declined your patch and why we should carry it? Are reverse dependencies using this package for use cases it wasn't intended for (and not supported upstream)? Please assume I know nearly nothing about the node ecosystem.
Paul
OpenPGP_signature.asc
Description: OpenPGP digital signature
