Your message dated Tue, 06 Jul 2021 18:32:07 +0000 with message-id <e1m0prb-000hi1...@fasolo.debian.org> and subject line Bug#990561: fixed in libuv1 1.24.1-1+deb10u1 has caused the Debian Bug report #990561, regarding libuv1: CVE-2021-22918 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 990561: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libuv1 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, the latest nodejs security release included an issue in libuv: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ The patch hasn't landed in libuv.git, but here's the patch as applied by nodejs: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829 For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-22918 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: libuv1 Source-Version: 1.24.1-1+deb10u1 Done: Dominique Dumont <d...@debian.org> We believe that the bug you reported is fixed in the latest version of libuv1, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 990...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Dominique Dumont <d...@debian.org> (supplier of updated libuv1 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 04 Jul 2021 18:42:30 +0200 Source: libuv1 Architecture: source Version: 1.24.1-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Dominique Dumont <d...@debian.org> Changed-By: Dominique Dumont <d...@debian.org> Closes: 990561 Changes: libuv1 (1.24.1-1+deb10u1) buster-security; urgency=high . * add patch for CVE-2021-22918 (Closes: #990561) * For buster, this patch also tweaks tests so they can be compiled. (because of a missing macro and "static" declaration) Checksums-Sha1: f9cafe9e5c02431f26945de9fff040e3984cc46f 2084 libuv1_1.24.1-1+deb10u1.dsc 83ec703ec3a3a4b62c73f6930ca60ceccf41b64b 1204188 libuv1_1.24.1.orig.tar.gz dc5d6724bbec659e30321b67a186d1d8fd8cb19c 17248 libuv1_1.24.1-1+deb10u1.debian.tar.xz 1131e73b5d402115d9de43c7bdd7fe47f140e66a 6202 libuv1_1.24.1-1+deb10u1_source.buildinfo Checksums-Sha256: 03683643b506f3dec9c5e611a4d9faa43482616317d7d69fcaab4de669e2a137 2084 libuv1_1.24.1-1+deb10u1.dsc 55f4d03e5d600d8a753e8f300f4ce5a9a39d7f8386855627fcc952bd561f4b4e 1204188 libuv1_1.24.1.orig.tar.gz e9812eda6552f94291863216c27dba5502504f197211e0c5285a9727483f4b27 17248 libuv1_1.24.1-1+deb10u1.debian.tar.xz 6f80e580a58c4934ff134e786a22f5b1e6978404e53a37721fa569d929b2b6a1 6202 libuv1_1.24.1-1+deb10u1_source.buildinfo Files: 25c1a696134fcb8d84da2cf4e39fdee4 2084 libs optional libuv1_1.24.1-1+deb10u1.dsc 31f92d18edb56afa7a3828a827cbe2a0 1204188 libs optional libuv1_1.24.1.orig.tar.gz d00c3fd9e49057f3930352d535a7c164 17248 libs optional libuv1_1.24.1-1+deb10u1.debian.tar.xz e3a62236136f282aab7960ea11c8ee20 6202 libs optional libuv1_1.24.1-1+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEn3I5/LZk8Qsz6dwDwx9P2UmrK2wFAmDipuAACgkQwx9P2Umr K2zgXQ/9F5pEBxrgfBOnQ1Fz3iJL3fhsqBKiWS9UeMgvkcLfWiqjwRpSD4D9AOJw J57H3E6usXSyUwsur/Wf1r+Yj/li6f9wSpK/iMxXnyAOKTFQDQetVMQTxTKigTNO k/it041cwhChljRGv3r90Zc8/ddJ+2ppVRPoiteJjYQfQFpv6qFizLwPIk28iucT 3SGxBxnteJRBeEhdNT7yobENN5fKu7fLi2pVzoDIlM2ak30g/UTQb9P927UdYIOm MLP6J9WC6NxMaUVXzn01xgyeIfXta0ddAR2+OQNGjtphSYD+En/4zX9pzMRtShTV 38MuqTn6KeyhvPklJokonu3L9DuObQLyA0FkupYTRuaPKJE51L3dVwMsEDvfjTZZ tTwLrWXsnoDxUyKXdAbnjd8AWcdLkKVvHj6RqUkjUvtTcR/5f55odN48WhXO8Qs2 5SvcLW+iuqcnsDsdylNynVEQce8P/vkjXOm+ZJac/AyL7w/109tgS4pdCENWrcnJ MxvlNbfd9vUp1TNh7PWi5oDnXXPdv5vkVOHpZwNSaDwgOsw4usVeiOohJos/qNy/ jGzoCdM6845TkJKl2VJwhImeFyRY9VLG6BiXHW4tKe9riLVc5g2JBhTi0qlXzvlb zKd/37g8FLBTtsJ4biRFIhl6rrqVzvzb3SK2evwnvTIv6KTxWfs= =y4X4 -----END PGP SIGNATURE-----
--- End Message ---
