Your message dated Fri, 24 Sep 2021 09:48:45 +0000 with message-id <e1mthoz-000b7v...@fasolo.debian.org> and subject line Bug#994974: fixed in node-define-property 2.0.2+really+2.0.2-1 has caused the Debian Bug report #994974, regarding node-define-property: Please deembed and fix vulnereability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 994974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994974 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: node-define-property Severity: serious Tags: security upstream fixed-upstream Justification: security bug Forwarded: https://github.com/jonschlinkert/define-property/pull/6 X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> Dear Maintainer, According to https://www.npmjs.com/advisories/1490 node-define-property is vulnerable Because it embed small modules that are vulnerable. Embdeding is bad and we have here another proof Bastien
--- End Message ---
--- Begin Message ---Source: node-define-property Source-Version: 2.0.2+really+2.0.2-1 Done: Bastien Roucariès <ro...@debian.org> We believe that the bug you reported is fixed in the latest version of node-define-property, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 994...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastien Roucariès <ro...@debian.org> (supplier of updated node-define-property package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 24 Sep 2021 09:17:33 +0000 Source: node-define-property Architecture: source Version: 2.0.2+really+2.0.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Bastien Roucariès <ro...@debian.org> Closes: 994974 Changes: node-define-property (2.0.2+really+2.0.2-1) unstable; urgency=medium . * Team upload . [ lintian-brush ] * Set upstream metadata fields: Bug-Submit. * Remove obsolete fields Contact, Name from debian/upstream/metadata (already present in machine-readable debian/copyright). . [ Bastien Roucariès ] * Drop eembeding thus fix a vulnereability" (Closes: #994974). Checksums-Sha1: 4bfb9c0f125c734166afce939050c7e423bb7814 2325 node-define-property_2.0.2+really+2.0.2-1.dsc 54b4eb9b2347af39f38fb7d7a22a105b206c90a4 6567 node-define-property_2.0.2+really+2.0.2.orig.tar.gz 79354ffd7ee0b92268d46ee829796d25b7929ee5 3568 node-define-property_2.0.2+really+2.0.2-1.debian.tar.xz 56ae7dfec6629c1863543c11738d41606a2ada24 10502 node-define-property_2.0.2+really+2.0.2-1_source.buildinfo Checksums-Sha256: 0ca8ac0f72b0d87435e9520f8f188f2d9bc44931c35761dd4d611d08842c5e94 2325 node-define-property_2.0.2+really+2.0.2-1.dsc 6c0ddbccfd175e7496506c7e5473bce47614e17c6c859563eef797a6e567c1ec 6567 node-define-property_2.0.2+really+2.0.2.orig.tar.gz 2967b9937af9669840c1ec4ef0728ed37f628b2486fb7d48d7845f42fb2934f7 3568 node-define-property_2.0.2+really+2.0.2-1.debian.tar.xz 86b593e6b28846c5f10973ed5cd2107c8b12a3726d4ac575a57c9c1040ff4a8b 10502 node-define-property_2.0.2+really+2.0.2-1_source.buildinfo Files: 4c513e9f05aece71264c7c7fe629a1c3 2325 javascript optional node-define-property_2.0.2+really+2.0.2-1.dsc 9c96b7d30f56113f527def155dedad1b 6567 javascript optional node-define-property_2.0.2+really+2.0.2.orig.tar.gz 180530e2b5fd176f7cdcb891a19c7c25 3568 javascript optional node-define-property_2.0.2+really+2.0.2-1.debian.tar.xz 9f4d22c9a54ac1d75f7249c5c91ea52c 10502 javascript optional node-define-property_2.0.2+really+2.0.2-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmFNm1cRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF/cNg//cCn90tZjj9Y6akOeMZkLfeIsTjAscAsC rbqolFiSkYIvc1NEafRDj6+gxUP1vXgOyOXAP4ribQieX8UMhYHfpHjhIjEfX/bk NnjFYXZqq8UtXkTzFjtRxgnQ3IQQmdESHc5f5L6P+COuePTfbp0Q41XPd4SdzjXB 5fOqDmGcSbtr84V0pOeaTJwMYBwTeAT5pnjtltAJ+dmbm+vIT7GhNfM/Xxp0uB2X T7JwjrWUZ4LPIieeyrKeKyNdEUMCr0XDXBUorG7dWLKqb/tyMgne3Qy5hU40s3J/ AC1ajKuWPJYKD8Cqkad0/VRT6L61T3YBFx+ZVnrxCXR/fR93njWT/LAgOSNm5VPB CGG4NPTl0vK3tmJciqqTYtbhCZ+cv9vPlmIID+jwIeBgOr/deWNM3lYBXiGxlaGY dn3XXJ2dn3uHXpC7QYikBsArLfP83eyDoui4kV1deqsRJ0AHNvSY+QuvBeVigMIP r7uSFTSzbCAZzF/W2vB+p06YCwHes4INWGdK1UNzF6lAlPHVQc/fL8exeekmrm81 v6IpEStsCKsGIsOVs9xlPQ0vqa7QAPQGPGmDCPlbzKbosKSQ47Ym0RUDMflPmsoE uLz3xrxZADUvV5udmK4lnz6pGMJvSWr8AVfyyPtcBOSv6Zlb+aPN++RPyRmwCIYw Pq0uT5tg2J4= =we0m -----END PGP SIGNATURE-----
--- End Message ---
