Your message dated Fri, 05 Jun 2020 07:18:47 +0000
with message-id <e1jh6cp-000ijn...@fasolo.debian.org>
and subject line Bug#962145: fixed in nodejs 10.21.0~dfsg-1
has caused the Debian Bug report #962145,
regarding nodejs: CVE-2020-11080 CVE-2020-8172 CVE-2020-8174 (June 2020
security release)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
962145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 10.20.1~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 10.19.0~dfsg1-1
Hi,
The following vulnerabilities were published for nodejs.
CVE-2020-11080[0]:
HTTP/2 Large Settings Frame DoS
CVE-2020-8172[1]:
TLS session reuse can lead to host certificate verification bypass
CVE-2020-8174[2]:
napi_get_value_string_*() allows various kinds of memory corruption
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-11080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
[1] https://security-tracker.debian.org/tracker/CVE-2020-8172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8172
[2] https://security-tracker.debian.org/tracker/CVE-2020-8174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
[3] https://nodejs.org/en/blog/vulnerability/june-2020-security-releases
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 10.21.0~dfsg-1
Done: Jérémy Lal <kapo...@melix.org>
We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 962...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Jun 2020 08:55:38 +0200
Source: nodejs
Architecture: source
Version: 10.21.0~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Closes: 962145
Changes:
 nodejs (10.21.0~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 10.21.0~dfsg. Closes: #962145.
   * Security fixes:
     + CVE-2020-11080
     + CVE-2020-8172
     + CVE-2020-8174
   * Build-Depend nghttp2 >= 1.41.0
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---