Bug#1103133: marked as done (Segfault with shared libuv on x86 (CVE-2025-47153))

[Debian Bug Tracking System]

Your message dated Thu, 01 May 2025 09:35:33 +0000
with message-id <e1uaqkl-000u1n...@fasolo.debian.org>
and subject line Bug#1076350: fixed in nodejs 20.19.0+dfsg1-1
has caused the Debian Bug report #1076350,
regarding Segfault with shared libuv on x86 (CVE-2025-47153)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1076350: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: simulate-event.js
Version: 1.4.0-2
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20250414 ftbfs-trixie

Hi,

During a rebuild of all packages in testing (trixie), your package failed
to build on i386.


Relevant part (hopefully):
>  debian/rules binary
> dh binary
>    dh_update_autotools_config
>    dh_autoreconf
>    dh_auto_configure --buildsystem=nodejs
> Link ./node_modules/xtend -> /usr/share/nodejs/xtend
>    debian/rules override_dh_auto_build
> make[1]: Entering directory '/build/reproducible-path/simulate-event.js-1.4.0'
> browserify simulate-event.js -o dist/simulate-event.js
> make[1]: *** [debian/rules:11: override_dh_auto_build] Segmentation fault
> make[1]: Leaving directory '/build/reproducible-path/simulate-event.js-1.4.0'
> make: *** [debian/rules:8: binary] Error 2


The full build log is available from:
http://qa-logs.debian.net/2025/04/14/simulate-event.js_1.4.0-2_testing-i386.log

All bugs filed during this archive rebuild are listed at:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20250414;users=lu...@debian.org
or:
https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20250414&fusertaguser=lu...@debian.org&allbugs=1&cseverity=1&ctags=1&caffected=1#results

A list of current common problems and possible solutions is available at
http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects

If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.

--- End Message ---

--- Begin Message ---

Source: nodejs
Source-Version: 20.19.0+dfsg1-1
Done: Jérémy Lal <kapo...@melix.org>

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1076...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 01 May 2025 11:09:56 +0200
Source: nodejs
Architecture: source
Version: 20.19.0+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-de...@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapo...@melix.org>
Closes: 922075 1076350
Changes:
 nodejs (20.19.0+dfsg1-1) unstable; urgency=medium
 .
   * New repackaged upstream tarball includes deps/uv.
   * Add missing changelogs to nodejs-doc
   * Lintian: old-fsf-address-in-copyright-file
   * watch: fix ada url to actually get current version
   * copyright: document deps/uv
   * Build bundled libuv on i386 architecture to fix CVE-2025-47153.
     Closes: #922075, #1076350,
Checksums-Sha1:
 439fffc35932c87ef3df7e2ad7799605736735e7 4391 nodejs_20.19.0+dfsg1-1.dsc
 36d594cccc87915a298fccaa4f30843f6a7af2ec 274900 
nodejs_20.19.0+dfsg1.orig-ada.tar.xz
 4685a4731de0572faf85557a03c73b517c61ee7e 302416 
nodejs_20.19.0+dfsg1.orig-types-node.tar.xz
 f95c375504a37d9fcda562adc5ed64dec50b74b6 19899220 
nodejs_20.19.0+dfsg1.orig.tar.xz
 2e304613ebb394c662978bb113bc75bab514e2c7 158884 
nodejs_20.19.0+dfsg1-1.debian.tar.xz
 643b351d4fdd13935849a1a5b8c7bc7ce6e1f54c 10688 
nodejs_20.19.0+dfsg1-1_source.buildinfo
Checksums-Sha256:
 a0e11e0550d2b43ceb0461437f4a31f3442844c13b7f7852b0ed66964ed947bd 4391 
nodejs_20.19.0+dfsg1-1.dsc
 26deff017c505b316f2498aaf293c896f4ab92b5349b367cf21fe14fa2cbd1e1 274900 
nodejs_20.19.0+dfsg1.orig-ada.tar.xz
 65900324d2dda4d59ff1878c030224b0f293a6a4fb65af9369bb2b3784335e73 302416 
nodejs_20.19.0+dfsg1.orig-types-node.tar.xz
 4f36b18aa3ef2b17d30fb52f6f4cb91592949e9d7473590863f6646f55eab939 19899220 
nodejs_20.19.0+dfsg1.orig.tar.xz
 4e46ead4e101782ad765f2dcaacaaf35a5d61bcf4e9225fbbbb0baecc482a85b 158884 
nodejs_20.19.0+dfsg1-1.debian.tar.xz
 fc05efcc9889bd3439a1f03b082fea429455f07d2db0e33e319e3e88323a2372 10688 
nodejs_20.19.0+dfsg1-1_source.buildinfo
Files:
 ce5389646e67b755a12d322bc055f8df 4391 javascript optional 
nodejs_20.19.0+dfsg1-1.dsc
 fd9ff3be8b8b43905dd24c5af24aab16 274900 javascript optional 
nodejs_20.19.0+dfsg1.orig-ada.tar.xz
 c6a9ccfd7bbd95365b6b843ed20f5b38 302416 javascript optional 
nodejs_20.19.0+dfsg1.orig-types-node.tar.xz
 344a4ff18346ae817e1a9e2d5ff3ad82 19899220 javascript optional 
nodejs_20.19.0+dfsg1.orig.tar.xz
 8203423444d5be08f22fd02df51c2a4b 158884 javascript optional 
nodejs_20.19.0+dfsg1-1.debian.tar.xz
 456bf3a1806c2f18c1231f264b7dc3df 10688 javascript optional 
nodejs_20.19.0+dfsg1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmgTOpYSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN02HkP/R3P2g+zTCDZrB7MrfwMn8DO1zL27H9a
NkH5+8SUYcnVuIczcLaW9aWfqT6+Oot6Lr/W2T24Rphd/nwbHkpyUI7GCAfWhifa
NHE0ckb7V3yeqVRS+pF9J4rwdyFWftt6/+nrRMU/dtBdQ4fRCYME6A36K33xttE2
iHpWfGEktWLhTEyxzd+D5um1rJ72FQ/05lQFsTPqntH8RHaLa4e2KEqvMcID9p8T
bNrRu4iYY2/3oc6NIcBIqFN01L4XcGERM8xwe91U5uwV8+KjONdx6Aem7M6kXEvt
vZu5TBx9uK+KeM2hzMvH1CBXJSavSfptpnr8v7KPBmtbSPgjJh2yww9Wz3lFc5FL
nN/Yan4kSUWHcCK8CUfVwAaaq/IBJZ/Qi02TLw9bwF248g/MXyS6MQLpbfXoY4ll
UD20oAcoNPb+Jhixeo8xY6IqM5vWq7Xuh+rKPEFVrCs4NMcVGw9WMDk5GRsne2FO
UjyNNDdPf8FdydMiaDzyH/V8IP8ppwl2g8g+2Jbe+4e2fA5inrtU5d/Zk/iNKr8E
jdwvt3BomLRujUto0pDLa0rrlHL/W/WiW+rGHASr8FQRClBlUJKRF5FrK1TBFlN+
C/dowHX2tFHt1rxhMGJ/TvwUozarvXHhAdpDHryQp3DA869+x04JSDDcUEwbmnoR
asTNoQDS7aWx
=LgeN
-----END PGP SIGNATURE-----

pgpmALaufQQVS.pgp
Description: PGP signature

--- End Message ---