Your message dated Sat, 05 Nov 2022 23:43:07 +0000 with message-id <e1orsod-00esrx...@fasolo.debian.org> and subject line Bug#1023518: fixed in nodejs 18.12.1+dfsg-1 has caused the Debian Bug report #1023518, regarding nodejs: CVE-2022-43548 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1023518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023518 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nodejs Version: 18.12.0+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for nodejs. CVE-2022-43548[0]: | DNS rebinding in --inspect via invalid octal IP address If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-43548 https://www.cve.org/CVERecord?id=CVE-2022-43548 [1] https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: nodejs Source-Version: 18.12.1+dfsg-1 Done: Jérémy Lal <kapo...@melix.org> We believe that the bug you reported is fixed in the latest version of nodejs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1023...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 06 Nov 2022 00:14:11 +0100 Source: nodejs Architecture: source Version: 18.12.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net> Changed-By: Jérémy Lal <kapo...@melix.org> Closes: 1018153 1023518 Changes: nodejs (18.12.1+dfsg-1) unstable; urgency=medium . * New upstream version 18.12.1+dfsg * Fixes CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address (Medium). Closes: #1023518. * Build using gcc-11, g++-11, fixes mips64el and riscv64 builds, https://github.com/nodejs/node/issues/44126 * Patch: fix link to home in html doc. Closes: #1018153 Checksums-Sha1: 2ab4f8476d1261fbc99437048507184394b2212e 4074 nodejs_18.12.1+dfsg-1.dsc dc880ffed605e768520ecdc27f5107e36492608d 252240 nodejs_18.12.1+dfsg.orig-types-node.tar.xz c158c50da094ea9a60c824339ab08ee454798930 25217060 nodejs_18.12.1+dfsg.orig.tar.xz c85859322aaaf370f63a188ce1efff386ce7c007 163312 nodejs_18.12.1+dfsg-1.debian.tar.xz 4eadd0753e1a9406e859b59a5b7afe09582b6a36 10588 nodejs_18.12.1+dfsg-1_source.buildinfo Checksums-Sha256: d99fd61f2b2e7b7192c812382e6b403474c087fccf0a1f397a1d0cabba923cb4 4074 nodejs_18.12.1+dfsg-1.dsc c26fad73fd49fc945a930ba93dc60f26441b405904b13ae6934152fb0bafd172 252240 nodejs_18.12.1+dfsg.orig-types-node.tar.xz 264f27cc900386944b66b725889ecd4c8ef47784fa11d33352f4096495cbaf76 25217060 nodejs_18.12.1+dfsg.orig.tar.xz fef405c754bf82870a286b5cb2b830cbb522bc5e253973f8bf4278d5ba6ed692 163312 nodejs_18.12.1+dfsg-1.debian.tar.xz 97d5c5ed02757be1d2c359a3ebe7bb75d7d7f672a6b4e395df1047fee8930d77 10588 nodejs_18.12.1+dfsg-1_source.buildinfo Files: 97ca0d198a06d883ba784448f3562d66 4074 javascript optional nodejs_18.12.1+dfsg-1.dsc 77a5e7ac0b2cdd222c1dcc8b271673ac 252240 javascript optional nodejs_18.12.1+dfsg.orig-types-node.tar.xz fe24f15846cacf3e1951329faa06a7a6 25217060 javascript optional nodejs_18.12.1+dfsg.orig.tar.xz ee8d790a09807d06e09af172246992ca 163312 javascript optional nodejs_18.12.1+dfsg-1.debian.tar.xz dd3e5b0cb46dd12c22af829b4159f50c 10588 javascript optional nodejs_18.12.1+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmNm7msSHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN0jHcQAIvfLLadgNNRRLCIQgpIA4UM0GIwIKku pvcU/R0hEw+Ica6CYqK4VuP+OiVmpSKIKDZV/23hP7uTd9DApFN1EOCmxVUAX/ww h0sr0dR2J4VEo3G0gZ8A60/JRgHcTFb1bUn757JoJYvzmhz+miasA38xNjXYLsw1 lSyAPkgJSptPVXROV3UsE0Q8t2i1GzoUgg3Vd2JSt6wXwUJDc0zcvuzl4Ra3VTrW uO8ogabwEX0EpW3tLxD1F0dNGLvh73xQ/kV10yqp7NABA+IRg8kbkDH0+vBxyxo8 h5pawGhj1CPbV9y6pWmI4yGc6Z9WedY5WP5WfNu2GHaFtHcid13CvXublUUXCkfP 55rUdWJWDC4ppBdKFDrWa+6mcZSTWdEic4ctwuN0zp/Crz084OPPzB/Ud3R0cck7 mpyCv86rz3RtUoIm0nvq68I4+aT0Tb7I8mkW1QZ4KOUjzeUNMJOYQvOmkhbHhJ7G UfcvmPqSjLgcRodAMYxAWGF7/Z7t3AnburOoiKmUA33IwsBjFWyVttcuXSbEa5+N QsvLqJYIGJqcFvDnevATy7PMvR3BCA1iOx6kMq1r6nyQZbwKUlPj7tRRbV9oBiPb SaPwghTjQm+zneIV1NZV+y7Zu5gvsBql4u/QgozZwa/PmOBCkM+3JgqqVV7lYP/d 9Roop/XydrPS =LVJb -----END PGP SIGNATURE-----
--- End Message ---
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
