Your message dated Sat, 13 Mar 2021 07:33:41 +0000 with message-id <e1lkyml-0001ya...@fasolo.debian.org> and subject line Bug#985086: fixed in node-lodash 4.17.21+dfsg+~cs8.31.173-1 has caused the Debian Bug report #985086, regarding CVE-2021-23337 CVE-2020-28500 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 985086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: node-lodash Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> CVE-2021-23337: https://snyk.io/vuln/SNYK-JS-LODASH-1040724 CVE-2020-28500: https://snyk.io/vuln/SNYK-JS-LODASH-1018905 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: node-lodash Source-Version: 4.17.21+dfsg+~cs8.31.173-1 Done: Yadd <y...@debian.org> We believe that the bug you reported is fixed in the latest version of node-lodash, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 985...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd <y...@debian.org> (supplier of updated node-lodash package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Mar 2021 08:08:00 +0100 Source: node-lodash Architecture: source Version: 4.17.21+dfsg+~cs8.31.173-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Yadd <y...@debian.org> Closes: 985086 Changes: node-lodash (4.17.21+dfsg+~cs8.31.173-1) unstable; urgency=medium . * Team upload . [ Pirate Praveen ] * Fix symbolic link for lodash.fp.js . [ Yadd ] * Add ctype=nodejs to component(s) * New upstream version 4.17.21+dfsg+~cs8.31.173 (Closes: #985086, CVE-2021-23337 CVE-2020-28500) * Refresh patches Checksums-Sha1: 7052ac130d8661ed5dacc5b3f9a2dcf8076400b5 3083 node-lodash_4.17.21+dfsg+~cs8.31.173-1.dsc 61f62ef33f5ff389f087ed5c489349093942dfb6 41560 node-lodash_4.17.21+dfsg+~cs8.31.173.orig-lodash-cli.tar.xz c2f82dcdcaddc2b83d47e59261ec0c170cceaed7 75612 node-lodash_4.17.21+dfsg+~cs8.31.173.orig-types-lodash.tar.xz 81762950fe8229618001fdb561378fc8f0981d4d 576176 node-lodash_4.17.21+dfsg+~cs8.31.173.orig.tar.xz b7dc7f863394bdb18ead44e45ae16258497cf994 7156 node-lodash_4.17.21+dfsg+~cs8.31.173-1.debian.tar.xz Checksums-Sha256: d5662af44c8ff77bb5728e9e820aa4f2f85b99a1ff2e98ef1e598dc7783e874f 3083 node-lodash_4.17.21+dfsg+~cs8.31.173-1.dsc 60211e46cf49a805fced79175317505a6337b440ea3e0e37a3b78ec7d3ce7366 41560 node-lodash_4.17.21+dfsg+~cs8.31.173.orig-lodash-cli.tar.xz 82fad02c44e7d4643eb6cff72b37fd31cd1985827147c7bc1fcce48db66e460a 75612 node-lodash_4.17.21+dfsg+~cs8.31.173.orig-types-lodash.tar.xz cd29276e76663f2eed86aa7adb3017fef7631777ac33f2355e19e1e07ad7f7a9 576176 node-lodash_4.17.21+dfsg+~cs8.31.173.orig.tar.xz e22e74995f48d0f7c0d8585a73ef1bda454e76b9506d75aa38644e6683fe2fe2 7156 node-lodash_4.17.21+dfsg+~cs8.31.173-1.debian.tar.xz Files: 08757de54937995e5d5585a4e72e046a 3083 javascript optional node-lodash_4.17.21+dfsg+~cs8.31.173-1.dsc b2217589333a9b2e1dd198bdfa1f3948 41560 javascript optional node-lodash_4.17.21+dfsg+~cs8.31.173.orig-lodash-cli.tar.xz ee87f94ababe513cb4a32a4480cc3eb1 75612 javascript optional node-lodash_4.17.21+dfsg+~cs8.31.173.orig-types-lodash.tar.xz 0dc3289b0bd047a1bb177476a1c2495a 576176 javascript optional node-lodash_4.17.21+dfsg+~cs8.31.173.orig.tar.xz be3f70e8f3c115c65185b3a13f3519ca 7156 javascript optional node-lodash_4.17.21+dfsg+~cs8.31.173-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmBMZ+0ACgkQ9tdMp8mZ 7ukwMxAAjo18gciLVD5Md0ve12YPnhQ0vVd8Xwz6Hf8K6+jQRepa7TAyx8MQQK3a Sbdm2lCqiywsySDUX/C5lzF+vZjK+SWPsw79iylF2l+xc3YKU4Ld4HmxILEh9I4W 0MdRfmQa0Kvvdvw6olz8Ms+wNzyC4gw4S3QciEM6qzQj3/ykCBCXCEdeTupaldjU +9rHGaIIP6oGDIFPYq85yRt/Cz0m/5vLvg+uIGOvFu8vtDe8e6EtL7ed3Pv1gXO6 n6kC5Aua2BPyLz0nyiMA1nqReBwvxvOd8MJrpp6YZv+imnuLavpRQyNYkh1U3A13 p30JE9Ydr2JT4cZeCJa5GjI7vRor/TV7c8sFYnxVtLEdPOXfgo1TVRi3SjDAwhOE 3pzq217GWMeMI63WG1caui1qOWIDr1q1WEBKYFdfuQ1UdKQUsi2WrQrd/PYBYoyb 4Ptn5n/U5BI3ZXNXL2lxha2OfIlmGHFz7FAZvT4pSvFkUfS1ksB1eRuYjL2wbmjf zXitT/eLZTZfvsByDpWz5BEZulOpgEyoZ+2oE12wtZrlA1w3VRK0pxwHqDBuIP3T 4yMKbSpBxzU7S2QipapW10jnetTs6+Uba3Sw8/C8I6W2tMwQy3shvIflfKhlc/Ja oIV002xuwCUdd5m04ahZjjLz4KmQtK+UQ3D/EEoN7xLZCri/Qtc= =ulDC -----END PGP SIGNATURE-----
--- End Message ---
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
