Your message dated Sat, 13 Mar 2021 08:19:14 +0000
with message-id <e1lkzuq-0000f2...@fasolo.debian.org>
and subject line Bug#985110: fixed in node-url-parse 1.5.1-1
has caused the Debian Bug report #985110,
regarding node-url-parse: CVE-2021-27515
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
985110: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985110
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-url-parse
Version: 1.4.7+repack-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-url-parse.
CVE-2021-27515[0]:
| url-parse before 1.5.0 mishandles certain uses of backslash such as
| http:\/ and interprets the URI as a relative path.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-27515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27515
[1] https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-url-parse
Source-Version: 1.5.1-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-url-parse, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-url-parse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Mar 2021 08:55:57 +0100
Source: node-url-parse
Architecture: source
Version: 1.5.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 985110
Changes:
node-url-parse (1.5.1-1) unstable; urgency=medium
.
* Team upload
* New upstream version 1.5.1 (Closes: #985110, CVE-2021-27515)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---