[Pkg-javascript-devel] Bug#972895: marked as done (node-pathval: CVE-2020-7751)

Sun, 25 Oct 2020 14:54:53 -0700 

Your message dated Sun, 25 Oct 2020 21:51:30 +0000
with message-id <e1kwnvg-0008ut...@fasolo.debian.org>
and subject line Bug#972895: fixed in node-pathval 1.1.0-4
has caused the Debian Bug report #972895,
regarding node-pathval: CVE-2020-7751
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
972895: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972895
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: node-pathval
Version: 1.1.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/chaijs/pathval/pull/58
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-pathval.

 * CVE-2020-7751[0]

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-7751
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7751
[1] https://github.com/chaijs/pathval/pull/58
[2] https://snyk.io/vuln/SNYK-JS-PATHVAL-596926

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: node-pathval
Source-Version: 1.1.0-4
Done: Xavier Guimard <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-pathval, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 972...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-pathval package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Oct 2020 22:29:15 +0100
Source: node-pathval
Architecture: source
Version: 1.1.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 972895
Changes:
 node-pathval (1.1.0-4) unstable; urgency=medium
 .
   * Team upload
 .
   [ Debian Janitor ]
   * Use secure copyright file specification URI.
   * Bump debhelper from old 11 to 12.
   * Set debhelper-compat version in Build-Depends.
   * Set upstream metadata fields: Repository.
   * Update standards version to 4.2.1, no changes needed.
 .
   [ Xavier Guimard ]
   * Bump debhelper compatibility level to 13
   * Declare compliance with policy 4.5.0
   * Add "Rules-Requires-Root: no"
   * Add debian/gbp.conf
   * Fix prototype pollution (Closes: #972895, CVE-2020-7751)
   * Use dh-sequence-nodejs
   * Update copyright
   * Enable upstream test using mocha
Checksums-Sha1: 
 c10e6e979059febb14a072cd3d2e51db1a9046dc 2058 node-pathval_1.1.0-4.dsc
 bae2afab2530ba29110dd1b42c576b6aea3ccb18 3924 
node-pathval_1.1.0-4.debian.tar.xz
Checksums-Sha256: 
 8a3aa0ea55014109a78448b2d74b03b7e60d8aa5963ac793e97280cea1ff389f 2058 
node-pathval_1.1.0-4.dsc
 99f6e497b190e24ce47104a408cc1080113d9f1fb7f3ba64de9b0b8198d54c0b 3924 
node-pathval_1.1.0-4.debian.tar.xz
Files: 
 8c3d55366a8e732c97129dcd919150cc 2058 javascript optional 
node-pathval_1.1.0-4.dsc
 2b56e7496c6869eda9a60b537deab9f1 3924 javascript optional 
node-pathval_1.1.0-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl+V7rMACgkQ9tdMp8mZ
7unCCQ//aYWzuJKyyqanqS5QY1+YUoPbDlZjfShuS5IuM64/3D4/tuLZ8a3VbK6S
eOPlN4lGnUb6jjo2+0DvOSi/l7dkwQtNqfRIkUQXtMArcGWMB84dq/sqnzGjZjiV
bGwvoB7gPRVh3voTvglyauHAqLhC13y3jnc0G6c2iyuQCiu6+vd0Oewy4soVu73r
/r0yQshsmVWHkSpQSavqDgTq48ZuapGZ+vQKFisqJsaR3P6K4qiK+VC1cDLIvrkQ
cuGVio19KQnG7gLHDYTKoEcG2PcUr87nUjAmZ0Q1hGXTRGDI7GBD7lENHzslrigx
xKaufQfvTPIiiy4GkQRi0+JcEYU6+lGnN6UGbGRgeSeu0J3imPO/0KGrZ41ppJ4r
b7xwbx3xTzWx7IXuiU/yfKFyyMuz/FeIvdh6KOgKNAD53b5DmyT+Q73/zXKrK1KW
bqsZn2TI+8dzfI43OKVnqhEEWLMGNSvlJj2mfoNW3GayfP0p8rabEMMi8msi0NQo
iefJZ17E7Hef4UjS/qiYZy4Mjv94yec32LDBXw1ejSXGk2wJjKYe7LRZwj42t7XH
unr0Oz5xfH+oXKXEkKivkl3iDw6h7pzwnsnrqVv0yQ2vThMtwJTlFxeiOJQis8+s
V+UcUcgHO/ZWozu1ZPhGHNaY4OxUEUIUIBb4G0v7a8cmvnOCviY=
=JVCh
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to