Hi Yadd, hi Moritz, On Sat, Oct 12, 2024 at 07:37:45PM +0200, Yadd wrote: > On 10/12/24 18:08, Moritz Mühlenhoff wrote: > > On Sat, Oct 12, 2024 at 04:14:14PM +0200, Yadd wrote: > > > Hi, > > > > > > here is a debdiff for bookworm > > > > Please upload to security-master, thanks! > > > > Cheers, > > Moritz > > Hi, > > it's done
Please correct me if I'm wrong, but haven't we here introduced now CVE-2024-45801 for bookworm? The GHSA-gx9m-whjm-85jf mentioned to be cautious when cherry-picking commits, in fact the commit 0ef5e537a514f904b6aa1d7ad9e749e365d7185f introduces then CVE-2024-45801. Do we need now a followup to fix node-dompurify in bookworm for CVE-2024-45801? Regards, Salvatore
