Your message dated Sun, 28 Apr 2024 20:52:56 +0200
with message-id <zi6bcds2jujrx...@eldamar.lan>
and subject line Re: Accepted node-es5-ext 0.10.64+dfsg1+~1.1.0-1 (source) into
unstable
has caused the Debian Bug report #1064933,
regarding node-es5-ext: CVE-2024-27088
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1064933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-es5-ext
Version: 0.10.62+dfsg1+~1.1.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/medikoo/es5-ext/issues/201
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-es5-ext.
CVE-2024-27088[0]:
| es5-ext contains ECMAScript 5 extensions. Passing functions with
| very long names or complex default argument names into
| `function#copy` or `function#toStringTokens` may cause the script to
| stall. The vulnerability is patched in v0.10.63.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27088
https://www.cve.org/CVERecord?id=CVE-2024-27088
[1] https://github.com/medikoo/es5-ext/issues/201
[2] https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-es5-ext
Source-Version: 0.10.64+dfsg1+~1.1.0-1
On Sun, Apr 28, 2024 at 02:39:58PM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sun, 28 Apr 2024 17:42:38 +0400
> Source: node-es5-ext
> Architecture: source
> Version: 0.10.64+dfsg1+~1.1.0-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
> Changed-By: Yadd <y...@debian.org>
> Changes:
> node-es5-ext (0.10.64+dfsg1+~1.1.0-1) unstable; urgency=medium
> .
> * Team upload
> * Declare compliance with policy 4.7.0
> * New upstream version (CLoses: CVE-2024-27088)
>
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel