Ubuntu
node-rollup package

Backport to Ubuntu 18.04 (and in some cases 20.04)

Bug #1983018 reported by Luís Infante da Câmara
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
node-deepmerge (Ubuntu)
In Progress
Undecided
Unassigned
node-parse-srcset (Ubuntu)
In Progress
Undecided
Unassigned
node-postcss (Ubuntu)
In Progress
Undecided
Unassigned
node-rollup (Ubuntu)
In Progress
Undecided
Unassigned
node-sanitize-html (Ubuntu)
In Progress
Undecided
Unassigned

Bug Description

To fix CVE-2021-32798 in the jupyter-notebook source package for Ubuntu 18.04 and 20.04 (bug #1982670), these packages need to be backported to Ubuntu 18.04 and, when missing, Ubuntu 20.04.

See original description
Luís Infante da Câmara (luis220413)
information type: Private Security → Public Security
Luís Infante da Câmara (luis220413)
Changed in node-deepmerge (Ubuntu):
status: New → In Progress
Changed in node-parse-srcset (Ubuntu):
status: New → In Progress
Changed in node-postcss (Ubuntu):
status: New → In Progress
Changed in node-rollup (Ubuntu):
status: New → In Progress
Changed in node-sanitize-html (Ubuntu):
status: New → In Progress
Changed in node-deepmerge (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Changed in node-parse-srcset (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Changed in node-postcss (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Changed in node-rollup (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Changed in node-sanitize-html (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Changed in node-deepmerge (Ubuntu):
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
Changed in node-postcss (Ubuntu):
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
Changed in node-rollup (Ubuntu):
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

I have not added testing to node-parse-srcset in Ubuntu 18.04 because the tests depend on an NPM package that is not packaged in the Ubuntu 18.04 repositories.

Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

The version of node-sanitize-html in Jammy does not have tests. I have added a simple test that simply loads the module with require("sanitize-html").

Changed in node-parse-srcset (Ubuntu):
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

The packages should be available in my PPA (https://launchpad.net/~luis220413/+archive/ubuntu/security-updates/+packages) in a few minutes.

Changed in node-sanitize-html (Ubuntu):
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
description: updated
Changed in node-sanitize-html (Ubuntu):
assignee: nobody → Luís Cunha dos Reis Infante da Câmara (luis220413)
Luís Infante da Câmara (luis220413)
Changed in node-sanitize-html (Ubuntu):
assignee: Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody
Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

The packages are available in my PPA (https://launchpad.net/~luis220413/+archive/ubuntu/security-updates/+packages).

Revision history for this message
Luís Infante da Câmara (luis220413) wrote :

The changelogs of the updated packages may be incomplete and there may be a few unaddressed Lintian warnings.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.