Your message dated Mon, 17 Jul 2017 21:34:32 +0000 with message-id <e1dxdey-000cxh...@fasolo.debian.org> and subject line Bug#868162: fixed in nodejs 4.8.4~dfsg-1 has caused the Debian Bug report #868162, regarding July 11th Security release to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 868162: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nodejs Severity: grave Tags: security Hi, please see https://nodejs.org/en/blog/release/v4.8.4/ and https://nodejs.org/en/blog/release/v6.11.1/ The hash see vulnerabiliy doesn't have a CVE ID yet and the c-ares one is being addressed via the sec:c-ares package. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: nodejs Source-Version: 4.8.4~dfsg-1 We believe that the bug you reported is fixed in the latest version of nodejs, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 868...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 17 Jul 2017 22:08:48 +0200 Source: nodejs Binary: nodejs-dev nodejs nodejs-dbg nodejs-legacy Architecture: source Version: 4.8.4~dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Jérémy Lal <kapo...@melix.org> Description: nodejs - evented I/O for V8 javascript nodejs-dbg - evented I/O for V8 javascript (debug) nodejs-dev - evented I/O for V8 javascript (development files) nodejs-legacy - evented I/O for V8 javascript (legacy symlink) Closes: 868162 Changes: nodejs (4.8.4~dfsg-1) unstable; urgency=medium . * New upstream version 4.8.4~dfsg . [ Upstream ] * Security fix: Constant Hashtable Seeds (CVE pending) Closes: #868162. * http.get with numeric authorization options creates uninitialized buffers Checksums-Sha1: ab676945b0dc1eb6d8311e4244562f4d59a278b5 2541 nodejs_4.8.4~dfsg-1.dsc 850d909e5374e1763a82aeea5deaabced101c913 9736496 nodejs_4.8.4~dfsg.orig.tar.gz b37237f020937cbae53d8b2439f1099cecbd7306 349220 nodejs_4.8.4~dfsg-1.debian.tar.xz d6e104d6862411b29460da9d4441437f7cde2576 7068 nodejs_4.8.4~dfsg-1_source.buildinfo Checksums-Sha256: 53ac712b9e64b5065fc2d305d20077a00e027b05992392ed51ebca7883dd9231 2541 nodejs_4.8.4~dfsg-1.dsc 2d58be4bab8bdb352a0e8041ba524c59018dca8893cf98677219a1c92b72d179 9736496 nodejs_4.8.4~dfsg.orig.tar.gz 873de37660cc478955241b09b642cf5553d08f2ff549b5acfa3b4645feb0fe79 349220 nodejs_4.8.4~dfsg-1.debian.tar.xz 7370933d832c3883f878a1595fccc3bb832da0e9c01e50ccce327cd6f78761c9 7068 nodejs_4.8.4~dfsg-1_source.buildinfo Files: cc26a0673d084fd07b1ff137b67e31b4 2541 web - nodejs_4.8.4~dfsg-1.dsc 9f9549383a5fb99b41763d291a48d16e 9736496 web - nodejs_4.8.4~dfsg.orig.tar.gz 39f2eb5f400abef7fd1a315e230a019e 349220 web - nodejs_4.8.4~dfsg-1.debian.tar.xz f9419422c662b7cc677cd2372db0799c 7068 web - nodejs_4.8.4~dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlltKXISHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN0tGwP/AlfLRkZLf4cj6cV85eZt274T7AOQ4Cf 6dZ0xmiw54fLIVvfY/2xkZzVlxGf7comCafP8bsDsTUeA58j1k7lcvALMZXDDW4f PFfUpk2FenGUmW6d4iv0Kh6234ie/DuScpqnrxTSneOmxWFfVvwH6xy5Mqj3MfXo y07mVDvrOl2pCc+QbkP4XLZaGs6/86MO1pG57n87wjJnrxtbXcBSMuZ4f1quFz/o 5514IciNUkgyNZyoCt9V9DpOLomcZRhEJwiRMbiEPQQl4TAFfu0PfQrucFjY61V7 aVKgqKzuLrZa3YrChQTlOA1VtqXHf8KuQ5YlIt36RBjQbHUn9HcmO6lUSjaTiHxg SRZHVSKDseiJ2DbAj1KQK0QLyqEPlHFRFigaZPKhNCsT8s/Yqiua+nbKuH3/whuJ IqHdCf9IZc8XNqBEIQPLQcTGZyHRIHNZHaFMxzDwB28slpGqfv9voz+KG33izLxi 0fkdqfJF1I9nXQT7lWZmw22cQVQwC/l39ecpMWpyk+/p1Fcnbb64JR7mjujNp46X hdzXO5zQuTER2qMprNWcmEYx6OZpgiUxce6LO7Q1ddFqj77G+81yEyd3W5/tCmrA RfZerU8au9+pkxG/huUUvQf7odZOvqjsH0ZM9F05SDyfaO7tTFPiO86H8qtbT3he ef14qCd3vluU =9poE -----END PGP SIGNATURE-----
--- End Message ---
