Your message dated Wed, 30 Jun 2021 13:33:25 +0000
with message-id <e1lyalf-000gni...@fasolo.debian.org>
and subject line Bug#990485: fixed in node-nodemailer 6.4.17-3
has caused the Debian Bug report #990485,
regarding node-nodemailer: CVE-2021-23400
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
990485: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990485
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-nodemailer
Version: 6.4.17-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/nodemailer/nodemailer/issues/1289
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-nodemailer.
CVE-2021-23400[0]:
| The package nodemailer before 6.6.1 are vulnerable to HTTP Header
| Injection if unsanitized user input that may contain newlines and
| carriage returns is passed into an address object.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-23400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23400
[1] https://github.com/nodemailer/nodemailer/issues/1289
[2] https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
[3] https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
Regards,
Salvatore
--- End Message ---
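The input check that the CVE description above calls for, as an added example: it is not part of the bug report and is not the nodemailer or Debian patch. The `name` and `address` fields follow nodemailer's address-object format; the function names, the `X-Injected` header and the sample values are assumptions constructed for illustration.

```javascript
// Added example: reject CR/LF in address objects before they reach a mail library.
'use strict';

const LINE_BREAK = /[\r\n]/;

// Return the names of the address-object fields that contain CR or LF.
function findInjectedFields(addr) {
  const bad = [];
  for (const field of ['name', 'address']) {
    const value = addr[field];
    if (typeof value === 'string' && LINE_BREAK.test(value)) bad.push(field);
  }
  return bad;
}

// Throw instead of silently stripping, so the caller can log and refuse the input.
function assertSafeAddress(addr) {
  if (addr === null || typeof addr !== 'object') {
    throw new TypeError('address object expected');
  }
  const bad = findInjectedFields(addr);
  if (bad.length > 0) {
    throw new Error('CR/LF in address field(s): ' + bad.join(', '));
  }
  return addr;
}

// Naive serialization with no check, to show why the line breaks matter:
// every CR/LF in a field starts a new header line in the message.
function naiveHeader(key, addr) {
  return key + ': "' + addr.name + '" <' + addr.address + '>';
}

function countHeaderLines(text) {
  return text.split(/\r\n|\r|\n/).length;
}

// Constructed sample input (not taken from the bug report).
const benign = { name: 'Alice', address: 'alice@example.com' };
const hostile = { name: 'Alice\r\nX-Injected: 1', address: 'alice@example.com' };

console.log(countHeaderLines(naiveHeader('From', benign)));   // one header line
console.log(countHeaderLines(naiveHeader('From', hostile)));  // two header lines
console.log(findInjectedFields(hostile));                     // fields to reject
```

Calling `assertSafeAddress` on every user-supplied address object is defence in depth on top of the fixed package version, not a replacement for upgrading.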
--- Begin Message ---
Source: node-nodemailer
Source-Version: 6.4.17-3
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-nodemailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-nodemailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 30 Jun 2021 14:59:47 +0200
Source: node-nodemailer
Architecture: source
Version: 6.4.17-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 990485
Changes:
node-nodemailer (6.4.17-3) unstable; urgency=medium
.
* Fix GitHub tags regex
* Fix header injection vulnerability in address object
(Closes: #990485, CVE-2021-23400)
Checksums-Sha1:
86d72b73e6b481d0be7ffd0c98c046b3f5defe87 2210 node-nodemailer_6.4.17-3.dsc
8b8e8d6757f24265969c47710c3f659096f91019 61856
node-nodemailer_6.4.17-3.debian.tar.xz
Checksums-Sha256:
ac8117c7ac60ef8fa212a8f22089f4ab2403938de10d3aea123794452e0fd3f7 2210
node-nodemailer_6.4.17-3.dsc
51d5c680e9cdbde6839751bbe75e50bf950f618b92900bc7cdec7a0800467755 61856
node-nodemailer_6.4.17-3.debian.tar.xz
Files:
ba848131b41398527184043769d8a93c 2210 javascript optional
node-nodemailer_6.4.17-3.dsc
d5442ef750fc78930b0705d6db159f57 61856 javascript optional
node-nodemailer_6.4.17-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---