Your message dated Sat, 31 Jul 2021 11:33:35 +0000
with message-id <[email protected]>
and subject line Bug#991577: fixed in node-url-parse 1.5.3-1
has caused the Debian Bug report #991577,
regarding node-url-parse: CVE-2021-3664
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991577
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-url-parse
Version: 1.5.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for node-url-parse.
CVE-2021-3664[0]:
| url-parse is vulnerable to URL Redirection to Untrusted Site
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3664
[1] https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/
[2]
https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-url-parse
Source-Version: 1.5.3-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-url-parse, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-url-parse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Jul 2021 13:13:02 +0200
Source: node-url-parse
Architecture: source
Version: 1.5.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 991577
Changes:
node-url-parse (1.5.3-1) unstable; urgency=medium
.
* Team upload
* Fix GitHub tags regex
* New upstream version 1.5.3 (Closes: #991577)
Checksums-Sha1:
972532e512834bf8d532e5f5679da7ca77fcb610 2551 node-url-parse_1.5.3-1.dsc
fba49d90f834951cb000a674efee3d6f20968329 2028
node-url-parse_1.5.3.orig-types-url-parse.tar.gz
caad3f7fa09e5c0b8ea099e1bd63b1e242bf891d 16789 node-url-parse_1.5.3.orig.tar.gz
81c7e282b9c43a16d0b471fcf67824dca48dd664 4168
node-url-parse_1.5.3-1.debian.tar.xz
Checksums-Sha256:
ac8682a068fcbf40cab8c29c0e6d3ffe8069d5b3ec0c4b4b5aee065dc2c35868 2551
node-url-parse_1.5.3-1.dsc
aacd8bb80991adce84b6305b2f64d1644f16ac47376a0958954555517647b03e 2028
node-url-parse_1.5.3.orig-types-url-parse.tar.gz
1223358bf5f9cfcf0b1eb5619c1bb6083edb2cd92adba85b54235f6dac16aa08 16789
node-url-parse_1.5.3.orig.tar.gz
38288eea155fc07c4cc554f61caf93591ab7e22459a8631b266b4cf8a910ebac 4168
node-url-parse_1.5.3-1.debian.tar.xz
Files:
ffafb88c2f531b3b888b98a738f6e7f3 2551 javascript optional
node-url-parse_1.5.3-1.dsc
782204fc24278d978e12ef488becc87e 2028 javascript optional
node-url-parse_1.5.3.orig-types-url-parse.tar.gz
79427f60fc27609ae7b090b18216132e 16789 javascript optional
node-url-parse_1.5.3.orig.tar.gz
6f206066446281cf05fe6f62c2bad938 4168 javascript optional
node-url-parse_1.5.3-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmEFMN4ACgkQ9tdMp8mZ
7ulkGg//Unj6TK3tN3YRDYX087P1pP3bG3Ey4XLLIRZpxJwdxlyhR7uBi+z4quI2
PIupzetOwsV642m0UOq6blxK7KfRaL3hCBl159E1v1iFoKa5rUq69sOcY+ZNYfNr
Ou3H+hv9zFIW9ye6Jm3RZSxNYI+vjOYElg3V2d8ARhX4Cv6n7mSQxLOrVFs07D+U
0q84E5uew5BqXmPqR60kQnruecY579epSYNp2ymbSKzPEDCXnfFQhji0Z5VZ1tde
6oY4G0UEdw252uHPufOR3P2za5OktMjmal7ETwVC9Qq1IS0ll8pK2aBiwC1oCKLN
0kOY43gmzozWkYTEG8+l9qtZ5hX3LlabprDLIfdzMlkZN4q/uTRW4bCz4veMW/EK
Zw8r+rhv89KSZ2Z2bF7mouBcw9nroXeY0CrwdL3wUiUJNRzPEcE3ALEJHvskllx+
iRz76GE7hnb5pP/3wvqMu8jIW0fAgc7X12djJtYZm2B4eS/qxuXVyErxu4jEAKB6
pw0miIpXxI6LzRcUS3ZQm+EYAq/xc+gKBWnNZ19IwYDeNXLi6uXy4Vw+JY3Gs+MP
1q0QMCs9+dZkO57cdDY/EC/5/528xwP306b9WBv7uvIUFipUNn5/pBlKuUWIxtbQ
BYm2sBgQfo2+YBkoyWqFPOtMxjznrJYbUBOsqvGRVH7TkW0EWdc=
=SMgt
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
