Your message dated Sun, 09 Jul 2023 04:49:00 +0000
with message-id <e1qimm0-008ytk...@fasolo.debian.org>
and subject line Bug#1040592: fixed in node-dottie 2.0.6+~2.0.5-1
has caused the Debian Bug report #1040592,
regarding node-dottie: CVE-2023-26132
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1040592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-dottie
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-dottie.
CVE-2023-26132[0]:
| Versions of the package dottie before 2.0.4 are vulnerable to
| Prototype Pollution due to insufficient checks, via the set()
| function and the current variable in the /dottie.js file.
https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763
https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-26132
https://www.cve.org/CVERecord?id=CVE-2023-26132
Please adjust the affected versions in the BTS as needed.
--- End Message ---
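The bug class named in the report above (prototype pollution through a dotted-path `set()`), shown as an added example that is not part of the original mail and is not dottie's code. `naiveSet`, `safeSet`, `demo` and the `demoFlag` property are hypothetical names, and the path string is constructed for the demonstration.

```javascript
// Added illustration; NOT dottie's source. All names here are hypothetical.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Naive dotted-path setter: `current` follows whatever each segment resolves to,
// including inherited properties such as __proto__.
function naiveSet(target, path, value) {
  const keys = path.split('.');
  let current = target;
  for (const key of keys.slice(0, -1)) {
    if (current[key] === undefined) current[key] = {};
    current = current[key];
  }
  current[keys[keys.length - 1]] = value;
  return target;
}

// Hardened setter: rejects prototype-related segments and only descends
// into own, object-valued properties (anything else is replaced by {}).
function safeSet(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED.has(k))) {
    throw new Error(`unsafe path segment in "${path}"`);
  }
  let current = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(current, key);
    if (!own || current[key] === null || typeof current[key] !== 'object') {
      current[key] = {};
    }
    current = current[key];
  }
  current[keys[keys.length - 1]] = value;
  return target;
}

// Runs both setters on a constructed path and reports whether an
// unrelated, freshly created object was affected.
function demo() {
  const result = {};
  naiveSet({}, '__proto__.demoFlag', true);
  result.naivePolluted = ({}).demoFlag === true;
  delete Object.prototype.demoFlag; // restore the shared prototype
  try { safeSet({}, '__proto__.demoFlag', true); result.safeRejected = false; }
  catch (e) { result.safeRejected = true; }
  result.safePolluted = ({}).demoFlag === true;
  result.normal = safeSet({}, 'a.b.c', 1);
  return result;
}
```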
--- Begin Message ---
Source: node-dottie
Source-Version: 2.0.6+~2.0.5-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-dottie, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1040...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-dottie package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 09 Jul 2023 08:20:05 +0400
Source: node-dottie
Architecture: source
Version: 2.0.6+~2.0.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1040592
Changes:
node-dottie (2.0.6+~2.0.5-1) unstable; urgency=medium
.
* Team upload
* Declare compliance with policy 4.6.2
* Embed typescript declarations
* New upstream release (Closes: #1040592, CVE-2023-26132)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel