Hi [CC'ing the security team alias]
On Fri, Jun 30, 2023 at 08:12:37PM +0200, Jérémy Lal wrote: > Hi, > > Le ven. 30 juin 2023 à 19:21, Salvatore Bonaccorso <car...@debian.org> a > écrit : > > > Source: nodejs > > Version: 18.13.0+dfsg1-1 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > > t...@security.debian.org> > > > > Hi, > > > > The following vulnerabilities were published for nodejs. > > > > CVE-2023-30581[0], CVE-2023-30588[1], CVE-2023-30589[2] and > > CVE-2023-30590[3]. > > > > > > If you fix the vulnerabilities please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. > > > > It would be interesting to know if we adopt the same plan we had with > security team: > full upstream updates in the same branch, 18.x here. Yes I think we can do the same for bookworm and follow the 18.x releases given it is a LTS branch. Unless you have some reason to believe it would not be wise to do for the 18.x series. Regards, Salvatore -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel