Your message dated Fri, 20 Nov 2020 19:02:08 +0000
with message-id <e1kgbfc-000gov...@fasolo.debian.org>
and subject line Bug#972895: fixed in node-pathval 1.1.0-3+deb10u1
has caused the Debian Bug report #972895,
regarding node-pathval: CVE-2020-7751
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
972895: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972895
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-pathval
Version: 1.1.0-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/chaijs/pathval/pull/58
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-pathval.
* CVE-2020-7751[0]
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-7751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7751
[1] https://github.com/chaijs/pathval/pull/58
[2] https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-pathval
Source-Version: 1.1.0-3+deb10u1
Done: Xavier Guimard <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-pathval, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 972...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-pathval package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 26 Oct 2020 04:44:16 +0100
Source: node-pathval
Architecture: source
Version: 1.1.0-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 972895
Changes:
node-pathval (1.1.0-3+deb10u1) buster; urgency=medium
.
* Fix prototype pollution (Closes: #972895, CVE-2020-7751)
Checksums-Sha1:
a4e04503483954ae3bdd8420035daf0b021e5ed9 2010 node-pathval_1.1.0-3+deb10u1.dsc
8e85f3719cfe8de4f3322b2c2815c176df084991 2656
node-pathval_1.1.0-3+deb10u1.debian.tar.xz
Checksums-Sha256:
f8448858f524ee4e66b96f39ec4bc6b5b6dae166658bce4951d0e15f82ee0361 2010
node-pathval_1.1.0-3+deb10u1.dsc
d940a4f27e5feb357006062fcba9aa7a77a3a6057e45993cc28bbf02dbdaf8fa 2656
node-pathval_1.1.0-3+deb10u1.debian.tar.xz
Files:
ffa747acbf5c67bf0cb678d700a6cace 2010 javascript optional
node-pathval_1.1.0-3+deb10u1.dsc
4570d23d7c4ba54a69d6b32d8c42a5f0 2656 javascript optional
node-pathval_1.1.0-3+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl+3UZ4ACgkQ9tdMp8mZ
7uneTQ/+PIpmE7Z3Df57470sxpf3w3EzPPvnWzRMJa3OAQD/JftWhgSNmjxE6jiy
YMl3c0wnBP94UqUlcpqmpS5pivUHrVPduaXW56ASZeazpKW+UYL7ZDL5umIiROoL
GItdZtZhHz+AdfQfpGM2nEhj6i8HLokhRmkgHwtGChpUUDI1NXPVQmSQ+wIhLbDL
mlyv6AAI7tKeWGfJN6N5EAOBQ4MGJeikXX8UqFjnJCRXMAW/kxA5bElqRMGorxAO
0di6eK1TSVpU8h0LI4g2cJj1RwneQRoxqUVRqaoobII2jyCTm9SG/6o90MA47CcC
VnMpmiUJy8qc2u3LUOmrySWyy67IFd/q9P5J0Vdx83pdUyz3QMEX972A24y1EEqs
RAXb2lnNmgDVjy7vAed04Vay4KCgwnrWOkhpYbaf/CqS1qGra3++MfRFteG12Qgx
a6c8Pe3teHcY5wtGT7EtXp0Cv8698RzybqcjvdNGjrm4qHsRCAT2QP5iL3bp+oI8
WsJiEoxeM42K7QXuedcRzdTrKmfgDONBTnieFL1PWpsn9UeTeLRjm5wiqzGH0fZZ
Oe8ZgDIA6CKqT5bhz7Dy73Qc8LKV5dEqvPaUaHzYlp5iehFAjZ/ger6thhuz8iUS
bAdNBSKCjl4RBKzLhQ8Oz1s8CTClF6dkhOv3XWbpIJgl/lUwd+E=
=7z/f
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
