Your message dated Sat, 15 Oct 2022 11:02:09 +0000
with message-id <e1ojevh-005cog...@fasolo.debian.org>
and subject line Bug#1021618: fixed in node-xmldom 0.5.0-1+deb11u1
has caused the Debian Bug report #1021618,
regarding node-xmldom: CVE-2022-37616
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1021618: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021618
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-xmldom
Version: 0.7.5-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/xmldom/xmldom/issues/436
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-xmldom.

CVE-2022-37616[0]:
| A prototype pollution vulnerability exists in the function copy in
| dom.js in the xmldom (published as @xmldom/xmldom) package before
| 0.8.3 for Node.js via the p variable.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-37616
    https://www.cve.org/CVERecord?id=CVE-2022-37616
[1] https://github.com/xmldom/xmldom/issues/436

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-xmldom
Source-Version: 0.5.0-1+deb11u1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-xmldom, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1021...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-xmldom package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Oct 2022 09:11:06 +0200
Source: node-xmldom
Architecture: source
Version: 0.5.0-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1021618
Changes:
 node-xmldom (0.5.0-1+deb11u1) bullseye; urgency=medium
 .
   * Team upload
   * Fix prototype pollution (Closes: #1021618, CVE-2022-37616)
Checksums-Sha1: 
 7cbde2a3db34b75a2fdf06e55bfcb12b60861848 2054 node-xmldom_0.5.0-1+deb11u1.dsc
 0543cf9a1e653a2bc73f792b40d1cdbfd672d05d 3912 node-xmldom_0.5.0-1+deb11u1.debian.tar.xz
Checksums-Sha256: 
 94eb865d7f54dcd16ea3d2b7433fd02b7eb3bc5ac857ebab57b43058071e1373 2054 node-xmldom_0.5.0-1+deb11u1.dsc
 af7f32e19b846728ec2861dba6fd59b17572b67581c2d7ef12712d88eabb17e4 3912 node-xmldom_0.5.0-1+deb11u1.debian.tar.xz
Files: 
 f77a42d1236d68f8dd9f733adfc6bdf4 2054 javascript optional node-xmldom_0.5.0-1+deb11u1.dsc
 47fb71f03402d773a380b71f8f928209 3912 javascript optional node-xmldom_0.5.0-1+deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
