Your message dated Mon, 31 May 2021 10:18:31 +0000
with message-id <[email protected]>
and subject line Bug#989258: fixed in node-got 11.8.1+~cs53.13.17-3
has caused the Debian Bug report #989258,
regarding CVE-2021-33502
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
989258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989258
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: node-got
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
node-got bundles a copy of normalize-url, which is affected by CVE-2021-33502:
https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
Patch:
https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: node-got
Source-Version: 11.8.1+~cs53.13.17-3
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-got, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-got package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 31 May 2021 11:57:23 +0200
Source: node-got
Architecture: source
Version: 11.8.1+~cs53.13.17-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 989258
Changes:
node-got (11.8.1+~cs53.13.17-3) unstable; urgency=medium
.
* Team upload
* Fix ReDoS (Closes: #989258, CVE-2021-33502)
Checksums-Sha1:
d8da2fbb715075394b5c03025817122a3061e01a 7497 node-got_11.8.1+~cs53.13.17-3.dsc
96693a5b5807c8797af7f494d1447ed6844b98db 7044
node-got_11.8.1+~cs53.13.17-3.debian.tar.xz
Checksums-Sha256:
183d4fbff52dfe7c094699bdb9a9418a289312674849919a9e9b25b83a759d4b 7497
node-got_11.8.1+~cs53.13.17-3.dsc
2152441d02490e3ba104bbc6be047eccb68e3e15adf8c36a6791306191a9de31 7044
node-got_11.8.1+~cs53.13.17-3.debian.tar.xz
Files:
f27bf49534c36ddf8cdabe31132f543a 7497 javascript optional
node-got_11.8.1+~cs53.13.17-3.dsc
8621280f41de446bfe30cb4c2745d2d7 7044 javascript optional
node-got_11.8.1+~cs53.13.17-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmC0s/wACgkQ9tdMp8mZ
7ukiwQ//UbDskqzKyBaZMBDxpAKK87FHqPNiZEwDC0bjLimWK9P49hkETSqAdh+d
vulFRXnFx5cWjDI9AIc1Adail91e/bb++gzrX5PHgg7eIQ9TC9kPiCLy/pEX3npr
0Ji7ir7kc2+TXS2KKF6aIspKsDMHUcpL55DVpVZ+UW1zaqTYERs1kT1+Tm8yt50o
R5yGK/ojG7T1M9jjs4beUVrWqUtTHWnFNc0+vAr5YRZZxPcPf20aZ+H9gkh6m9XX
pu+5F40rJuPFDGWWLWuM/D6THOTceshTVkMqq7/2FMY3bYhn5d1sKLQ5L+F9a+8Z
MyaIr9cdQmEYeVBMqa9TMLc60hNwWVzJ0zFlIGLBPlRV8/IOYXucmIVjA/9PptWR
UCF/nYchlwgMRJ+p5WL2DeedKSonbw+clgCHVPyhcENHEINeBBBgjxtaaBLBJsvB
nz6GpZ3E0/oOi3qDo3zElJym5Onb40fyVWAvJ99rXb5vJlNQ0DnH2lmryfeL+QZY
l0GSvarbXlbTd6dXLsH9h3O+osVd2QvSI7NJH6nmVxXMUhS6trPnHoPlNwezNPOJ
2dt6LeBzWgUTHUCPvVL9fCLU43c+3g2YeFndPfJZXZ/65Lh/0DPMOjWOij9g8f29
nZMLAhIyXNqeauc0FZ07VTokp47OLcM6na1ZncvMQ9BRwtbGw2U=
=ejOB
-----END PGP SIGNATURE-----
--- End Message ---
