Your message dated Thu, 21 Aug 2025 22:22:09 +0000
with message-id <e1updfd-00ei27...@fasolo.debian.org>
and subject line Bug#1111772: fixed in node-cipher-base 1.0.6-1
has caused the Debian Bug report #1111772,
regarding node-cipher-base: CVE-2025-9287
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1111772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-cipher-base
Version: 1.0.4-6
Severity: grave
Tags: security upstream
Forwarded: https://github.com/browserify/cipher-base/pull/23
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-cipher-base.
CVE-2025-9287[0]:
| Improper Input Validation vulnerability in cipher-base allows Input
| Data Manipulation.This issue affects cipher-base: through 1.0.4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9287
https://www.cve.org/CVERecord?id=CVE-2025-9287
[1] https://github.com/browserify/cipher-base/pull/23
[2]
https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
[3]
https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-cipher-base
Source-Version: 1.0.6-1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-cipher-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1111...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-cipher-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 21 Aug 2025 23:59:58 +0200
Source: node-cipher-base
Architecture: source
Version: 1.0.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1111772
Changes:
node-cipher-base (1.0.6-1) unstable; urgency=medium
.
* Team upload
* Declare compliance with policy 4.7.2
* debian/watch: version 5
* New upstream version (Closes: #1111772, CVE-2025-9287)
Checksums-Sha1:
3c094738ebe6d468613b3294663d63d50600e5de 2148 node-cipher-base_1.0.6-1.dsc
e9bf8903fbcaf1c0406d9c10c043234f40ee7c3f 6995
node-cipher-base_1.0.6.orig.tar.gz
655fe4d1acefaa3253f5d6633cb374976f935ad8 2848
node-cipher-base_1.0.6-1.debian.tar.xz
Checksums-Sha256:
0a8911a37ae20f060d859f78c7cad96d126d5cc7d150bb837adc35f823497b0a 2148
node-cipher-base_1.0.6-1.dsc
cb81d2bae67ef1b61fb33018e7edd9e75ba5832324684e2546477ec7e5ddf856 6995
node-cipher-base_1.0.6.orig.tar.gz
505cbc24d4b2f38bca18ea8616201133c22b906d5d0436c5e19e20d084ee3957 2848
node-cipher-base_1.0.6-1.debian.tar.xz
Files:
49de4f8f715c72b1763fe6277d427700 2148 javascript optional
node-cipher-base_1.0.6-1.dsc
b79c524140cfab17d9ea5ae85067411e 6995 javascript optional
node-cipher-base_1.0.6.orig.tar.gz
ed28b560680eb06555b4af0676214aaa 2848 javascript optional
node-cipher-base_1.0.6-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAminl5QACgkQ9tdMp8mZ
7unQ5g//duRdiLEG2dBA2gJqB6HdavaRgrCZE+Lr8NnemJFu3DsgZWoKpDXshPp2
JKECvht2EHGHQNVjtLNnSCQ9idvyGyDCaJT4OVOScHdDzRGUnkB/j/8WqJQVTgUU
zSWFi4b0DHR5i8jcLuB778VaGM6QvRhF+6k5LGKicoPXQyHoaeW1/zX46e5L7cVq
YfnhbO+wcCBi38nAG8l7yVlq1hsWu0WwzEQU4iRkTstrVBZNK+SIpKprkdHCrQWm
H/QT7WLOUO4ztZvFtNrsizQ9n8UD1xNZKJhK1LqFfxV1cUo4onqvjH0HHJYte6D2
I+BRWW+gD28xdpXOUmdV3HuIfM4zzbA4OMaOhR3ImoRaDaCfg0UukckKOsXo6DWe
X6Uv67UbGSoGUnXg+m/BVe7nBklz1CXOsRp1g9vEYe775UnEcRFHdLI9StgcCkX+
59uH6r6YShAVn7U99hdd5fMPLBdaqoITKgqEMCoS2yjeaX/T0f3q8pOgzua91S/U
PEbz9ky+MQMnlnLIvQ0avN4JMZ2HXRHIF0CcSAjmDuVLoAbTeGBy/TZPVKMPh/SL
bHcidw11U347MxjVXELbGDPcIlHoCWmqj1ZXT8wPSS4VrDfQij9m8AgKjcxAQLJr
ePmn65lmTO+REs9HF0xjyGR52KOgHUGkwwvC3FSKAyhmzDNQECc=
=KM1e
-----END PGP SIGNATURE-----
pgpjDrLHdUL7h.pgp
Description: PGP signature
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
