Your message dated Fri, 19 Jun 2020 18:05:44 +0000
with message-id <e1jmloa-000edz...@fasolo.debian.org>
and subject line Bug#963149: fixed in node-elliptic 6.5.3~dfsg-1
has caused the Debian Bug report #963149,
regarding node-elliptic: CVE-2020-13822
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
963149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-elliptic
Version: 6.5.1~dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/indutny/elliptic/issues/226

Hi,

The following vulnerability was published for node-elliptic.

CVE-2020-13822[0]:
| The Elliptic package 6.5.2 for Node.js allows ECDSA signature
| malleability via variations in encoding, leading '\0' bytes, or
| integer overflows. This could conceivably have a security-relevant
| impact if an application relied on a single canonical signature.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13822
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13822
[1] https://github.com/indutny/elliptic/issues/226

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
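
Added example (not part of the original messages and not the elliptic project's own code): a strict DER parser for ECDSA signatures that rejects the encoding variations named in the CVE description above, namely non-minimal lengths, unnecessary leading '\0' bytes and oversized length fields. The function names and the sample byte strings are constructed for illustration.

```javascript
'use strict';
// Strict DER check for an ECDSA signature: SEQUENCE { INTEGER r, INTEGER s }.
// Returns {r, s} as BigInt, or null unless the bytes are the one canonical encoding.

// Read a DER length at buf[pos]; returns [length, nextPos] or null.
function readLen(buf, pos) {
  if (pos >= buf.length) return null;
  const first = buf[pos];
  if (first < 0x80) return [first, pos + 1];        // short form
  const n = first & 0x7f;                           // number of length octets
  if (n === 0 || n > 2) return null;                // indefinite form / overflow guard
  if (pos + 1 + n > buf.length) return null;        // truncated length field
  if (buf[pos + 1] === 0) return null;              // leading zero inside the length
  let len = 0;
  for (let i = 0; i < n; i++) len = len * 256 + buf[pos + 1 + i];
  if (len < 0x80) return null;                      // long form where short form fits
  return [len, pos + 1 + n];
}

// Read a non-negative, minimally encoded INTEGER; returns [value, nextPos] or null.
function readInt(buf, pos) {
  if (buf[pos] !== 0x02) return null;               // INTEGER tag expected
  const l = readLen(buf, pos + 1);
  if (!l) return null;
  const [len, start] = l;
  const end = start + len;
  if (len === 0 || end > buf.length) return null;   // empty or truncated value
  if (buf[start] & 0x80) return null;               // would decode as negative
  if (len > 1 && buf[start] === 0 && !(buf[start + 1] & 0x80)) return null; // padded
  let v = 0n;
  for (let i = start; i < end; i++) v = (v << 8n) | BigInt(buf[i]);
  return [v, end];
}

// Range checks on r and s (1 <= value < curve order) remain the verifier's job.
function parseStrictDerSignature(buf) {
  if (buf[0] !== 0x30) return null;                 // SEQUENCE tag expected
  const l = readLen(buf, 1);
  if (!l || l[1] + l[0] !== buf.length) return null; // no trailing bytes allowed
  const r = readInt(buf, l[1]);
  if (!r) return null;
  const s = readInt(buf, r[1]);
  if (!s || s[1] !== buf.length) return null;       // r and s must fill the SEQUENCE
  return { r: r[0], s: s[0] };
}

// Constructed samples: canonical (r=1, s=2), then the same values with padded r, long-form length.
const SAMPLES = ['3006020101020102', '300702020001020102', '308106020101020102']
  .map((h) => parseStrictDerSignature(Buffer.from(h, 'hex')));
```

Only the first constructed sample parses; the other two carry the same r and s in a different byte string, which is what breaks an application that treats the signature bytes as a unique identifier.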
--- Begin Message ---
Source: node-elliptic
Source-Version: 6.5.3~dfsg-1
Done: Jonas Smedegaard <d...@jones.dk>

We believe that the bug you reported is fixed in the latest version of
node-elliptic, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 963...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <d...@jones.dk> (supplier of updated node-elliptic package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Jun 2020 19:34:40 +0200
Source: node-elliptic
Architecture: source
Version: 6.5.3~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Jonas Smedegaard <d...@jones.dk>
Closes: 963149
Changes:
 node-elliptic (6.5.3~dfsg-1) unstable; urgency=high
 .
   [ upstream ]
   * new release
     + signature: prevent malleability and overflows
     closes: bug#963149 (CVE-2020-13822),
     thanks to Salvatore Bonaccorso
 .
   [ Debian Janitor ]
   * set upstream metadata fields: Bug-Database Bug-Submit
 .
   [ Jonas Smedegaard ]
   * set urgency=high, due to CVE fix

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
