Your message dated Sat, 06 May 2023 20:34:56 +0000 with message-id <e1pvock-002it4...@fasolo.debian.org> and subject line Bug#1035580: fixed in node-yaml 2.1.3-2 has caused the Debian Bug report #1035580, regarding node-yaml: CVE-2023-2251 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035580: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035580 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: node-yaml Version: 2.1.3-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for node-yaml. CVE-2023-2251[0]: | Uncaught Exception in GitHub repository eemeli/yaml. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-2251 https://www.cve.org/CVERecord?id=CVE-2023-2251 [1] https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c [2] https://www.github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: node-yaml Source-Version: 2.1.3-2 Done: Yadd <y...@debian.org> We believe that the bug you reported is fixed in the latest version of node-yaml, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1035...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd <y...@debian.org> (supplier of updated node-yaml package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 07 May 2023 00:10:19 +0400 Source: node-yaml Built-For-Profiles: nocheck Architecture: source Version: 2.1.3-2 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Yadd <y...@debian.org> Closes: 1035580 Changes: node-yaml (2.1.3-2) unstable; urgency=medium . * Team upload * Update lintian override info format in d/source/lintian-overrides on line 2-7 * Update standards version to 4.6.2, no changes needed * Fix corner case failure in error pretty-printer (Closes: #1035580, CVE-2023-2251) Checksums-Sha1: 1bc5e5d78958b9589ce9f38da7f17c0cca0bd504 2194 node-yaml_2.1.3-2.dsc 7f97b2a9ba8994a66f8b57a6625c49c01db583e7 138708 node-yaml_2.1.3-2.debian.tar.xz Checksums-Sha256: e16a23a0cc98f172c6eac8b942ee1536b6e2f3d27f4aeb9e11f4d80c95dfb8ae 2194 node-yaml_2.1.3-2.dsc 88a58fdfa65542cbd908e30bdd815b6e7e7df1bca82649acf25972ab9d50b8db 138708 node-yaml_2.1.3-2.debian.tar.xz Files: c0460c72d1ce7964491d785721ea9fdd 2194 javascript optional node-yaml_2.1.3-2.dsc 0de5ae232b1d243ac6d61a763f3c37e5 138708 javascript optional node-yaml_2.1.3-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmRWtJoACgkQ9tdMp8mZ 7ulH5g/9HBmz9vLfw/dzm/AdlGeDhcJlAho+b5EUuqf5vPe/medTg/RZ/l8YetVG POq3gVEAIsCr23dq5mMRtf7yxxHiLzmKcZxTYjKyiEh/CC4lN3I3Zj/Gm0XNfD+l FBD8WiVOr0XEK1TFD9vfETJoVnDTdF7amRXtBXOxm+BP62UdGZxlklRjgS2rJxXU TGOs/T2u2wvTS1u1qCJPReBVaZyaEPCr9t403mAM9mLwhBBMMk86LU0WhJkRelaO ncs0YuE2v7h6F5F80w2ZDVTfEsLqDIuJ6U7M5sl/9EtIZorbf9f9LJdG/7pzerpC uVfgtH36RhE5Vga1F6IP0SLm5dB7sZkV+Z4Vo8G0TckUOPLWFd0CxKIAfCOsrA5h KwePgFFQyR+WJruFdZAyN9LQrKoVwH8FrSYY7gRb+l4cONbUcUw//epJ+vILmqti 1PiqwvOsU6nNsqnNHcPhQ8Jddm55pjrW5rMVsWUaLf5PLyEibi5wGetwpcSMUp3n XfdXz6f68NmH9VXfk1q9YevoZmKP8FujnG99DNMNZg3xYhiilFS+dKHFcwYwdQdv Pc0e+ek86QJVhUM5jHnh591xIY5e7Q3yQua9KBVp2uGyXQvib6WoX6wU8PMMGDy/ fo3Fm7rsrDXLZzzAuJP8gXbNOMgYlXeGW8ugSo2u4sDN7R6SElY= =/rA/ -----END PGP SIGNATURE-----
--- End Message ---
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
