Your message dated Fri, 05 Jun 2020 07:18:56 +0000
with message-id <e1jh6cy-000ivd...@fasolo.debian.org>
and subject line Bug#962145: fixed in nodejs 12.18.0~dfsg-1
has caused the Debian Bug report #962145,
regarding nodejs: CVE-2020-11080 CVE-2020-8172 CVE-2020-8174 (June 2020
security release)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
962145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 10.20.1~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 10.19.0~dfsg1-1
Hi,
The following vulnerabilities were published for nodejs.
CVE-2020-11080[0]:
HTTP/2 Large Settings Frame DoS
CVE-2020-8172[1]:
TLS session reuse can lead to host certificate verification bypass
CVE-2020-8174[2]:
napi_get_value_string_*() allows various kinds of memory corruption
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-11080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
[1] https://security-tracker.debian.org/tracker/CVE-2020-8172
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8172
[2] https://security-tracker.debian.org/tracker/CVE-2020-8174
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
[3] https://nodejs.org/en/blog/vulnerability/june-2020-security-releases
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 12.18.0~dfsg-1
Done: Jérémy Lal <kapo...@melix.org>
We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 962...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Jun 2020 09:07:20 +0200
Source: nodejs
Architecture: source
Version: 12.18.0~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapo...@melix.org>
Closes: 962145
Changes:
 nodejs (12.18.0~dfsg-1) experimental; urgency=medium
 .
   * New upstream version 12.18.0~dfsg. Closes: #962145.
   * Security fixes:
     + CVE-2020-11080
     + CVE-2020-8172
     + CVE-2020-8174
   * Build-Depends nghttp2 >= 1.41.0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel