Your message dated Sat, 20 Jul 2019 16:42:02 +0000
with message-id <e1hosqs-0007il...@fasolo.debian.org>
and subject line Bug#932500: fixed in node-mixin-deep 2.0.1-1
has caused the Debian Bug report #932500,
regarding vulnerability: CVE-2019-10746: prototype pollution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
932500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: node-mixin-deep
Version: 1.1.3-3
Severity: important
Dear Maintainer,
node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:
https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://github.com/jonschlinkert/mixin-deep/issues/6
Please upgrade to either 1.3.2 or 2.0.1.
Thanks, Paolo
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages node-mixin-deep depends on:
ii node-for-in 1.0.2-1
ii node-is-extendable 1.0.1-1
ii nodejs 10.15.2~dfsg-2
node-mixin-deep recommends no packages.
node-mixin-deep suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: node-mixin-deep
Source-Version: 2.0.1-1
We believe that the bug you reported is fixed in the latest version of
node-mixin-deep, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 932...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-mixin-deep package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Jul 2019 18:00:22 +0200
Source: node-mixin-deep
Architecture: source
Version: 2.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 932500
Changes:
node-mixin-deep (2.0.1-1) unstable; urgency=medium
.
* Team upload
* Bump debhelper compatibility level to 12
* Declare compliance with policy 4.4.0
* Add debian/gbp.conf
* Move installed files to /usr/share/nodejs
* New upstream version 2.0.1 (Closes: #932500, CVE-2019-10746)
* Remove patches now included in upstream
* Update debian/copyright
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel