Your message dated Thu, 14 Apr 2022 08:49:44 +0000
with message-id <e1nevae-0003by...@fasolo.debian.org>
and subject line Bug#1009676: fixed in grunt 1.5.2-1
has caused the Debian Bug report #1009676,
regarding grunt: CVE-2022-0436 - Path Traversal in grunt prior to 1.5.2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1009676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: grunt
Version: 1.4.1-2
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team
<t...@security.debian.org>
Hi,
The following vulnerability was published for grunt.
CVE-2022-0436[0]:
| Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436
Please adjust the affected versions in the BTS as needed.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.16.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: grunt
Source-Version: 1.5.2-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
grunt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1009...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated grunt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Apr 2022 10:37:57 +0200
Source: grunt
Architecture: source
Version: 1.5.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1009676
Changes:
grunt (1.5.2-1) experimental; urgency=medium
.
* Team upload
* New upstream version (Closes: #1009676, CVE-2022-0436)
Checksums-Sha1:
fa3e118af20d894d3ca6153087f8c177650d70c5 2049 grunt_1.5.2-1.dsc
88e5b1a1e8c772f31a7140d17bf28dcd5058b8cd 52576 grunt_1.5.2.orig.tar.gz
3f72385c0365cf6b6d0c787a2ad3f8d53a1d0a0d 4996 grunt_1.5.2-1.debian.tar.xz
Checksums-Sha256:
0a7bd9acf11ba06a3f42daff69f3945d751e28f8a02451a07823f709e5d4cb44 2049
grunt_1.5.2-1.dsc
54ea40beb544152e359e8bfeb6f541e6c99556ddcbabff7d0086ab4d777b0b3b 52576
grunt_1.5.2.orig.tar.gz
ba8fc6cde10dcc3a2ce594d9ef63283646ca3ec3cdcb8b1b2d45aaefef85eb59 4996
grunt_1.5.2-1.debian.tar.xz
Files:
b5355fadda5beee43ddacc1f972ebb10 2049 javascript optional grunt_1.5.2-1.dsc
af48d15b82aecb6adf1ad4b68a6a19bc 52576 javascript optional
grunt_1.5.2.orig.tar.gz
273389b1ab0452bd5427a618a4772a5f 4996 javascript optional
grunt_1.5.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmJX3csACgkQ9tdMp8mZ
7umezw/9GpXDwksRu5d7NLfgxQPE64LZ5KvgNUayn0jLfTkPfIpiy/zf5QhoFU3D
erTwWwEjR3jzmREB5xFiJm1HON6fu4MlVXUjyeX0UX3fQIAIhdk2iIDzrUxDMISY
Mb4H2DnTSjMeC436x4yDzrLhukSad/zaNQQseoH6iNeQhgo22Lln+4iu0iXB5wwy
85S1xJ8cMIaQL+t5MO7y4oXHedKdn52YlNFosYA/mfljI/u78EgB69lxD3+ZXLnr
3HXkjQZ3GXrjZNoWFdEH81Hgqo2eoCJKmhSodICKV+XIELmYVNUdRIa7jcBbHMbd
35QYwObp377u4p7uOJZwfDFp2TmeDr8ZXg8K3OZ8vV2tKW52lsskWdX6CP4tq/Se
PahIEx76Up7v37T6/elV+Reogvwn0sFgtLXr5ZfXQBQ/Q++YksTUvCflStRd4cEO
v0pU1MD2099m/35jEzzoo/kTNJCTxnWSyDdRgg0+fH7pZhbIxOOX55oeYC9/Usgg
WuLsl4NgyY2xvQwlS7g4JLq4fbM6KrMasSrC7Yrewk//BtZ9u7TBqBtXFjqr1r2e
2mZCGuOXF+lyATw2XE+91KvDdsVWJOoYalBp2iQRePr2rNTrPOEpteHg9q86Hpp2
bqm7asYN4O13N1HQf/oH7cdcz3GHtPKUuyRhpAea5NTQ2dKLWAE=
=zool
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
