Your message dated Wed, 08 May 2019 17:48:29 +0000
with message-id <e1hoqg9-0007pg...@fasolo.debian.org>
and subject line Bug#928673: fixed in node-mqtt-packet 6.0.0-2
has caused the Debian Bug report #928673,
regarding node-mqtt-packet: CVE-2019-5432
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928673
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-mqtt-packet
Version: 6.0.0-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for node-mqtt-packet.

CVE-2019-5432[0]:
| A specifically malformed MQTT Subscribe packet crashes MQTT Brokers
| using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0
| - 5.6.1, 6.0.0 - 6.1.2 for decoding.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5432
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5432
[1] https://hackerone.com/reports/541354

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-mqtt-packet
Source-Version: 6.0.0-2

We believe that the bug you reported is fixed in the latest version of
node-mqtt-packet, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-mqtt-packet package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 May 2019 19:27:08 +0200
Source: node-mqtt-packet
Architecture: source
Version: 6.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 928673
Changes:
 node-mqtt-packet (6.0.0-2) unstable; urgency=medium
 .
   * Team upload
   * Add upstream/metadata
   * Declare compliance with policy 4.3.0
   * Fix malformed subscribe crash (Closes: #928673, CVE-2019-5432)
   * Fix debian/copyright format url
   * Enable upstream test during build

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
