Source: http-parser Version: 2.9.2-2 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ is for nodejs, but the underlying issue is in http-parser, which Debian's nodejs uses. This is already fixed in experimental, if this can't be used there's also an isolated patch at https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b Cheers, Moritz
