Your message dated Sun, 20 Dec 2020 10:33:29 +0000 with message-id <e1kqw1p-000fev...@fasolo.debian.org> and subject line Bug#977467: fixed in http-parser 2.9.4-2 has caused the Debian Bug report #977467, regarding CVE-2019-15605 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 977467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977467 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: http-parser Version: 2.9.2-2 Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ is for nodejs, but the underlying issue is in http-parser, which Debian's nodejs uses. This is already fixed in experimental, if this can't be used there's also an isolated patch at https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: http-parser Source-Version: 2.9.4-2 Done: Christoph Biedl <debian.a...@manchmal.in-ulm.de> We believe that the bug you reported is fixed in the latest version of http-parser, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 977...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated http-parser package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 20 Dec 2020 10:26:44 +0100 Source: http-parser Architecture: source Version: 2.9.4-2 Distribution: unstable Urgency: high Maintainer: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de> Closes: 977467 Changes: http-parser (2.9.4-2) unstable; urgency=high . * Upload to unstable. Closes: #977467 [CVE-2019-15605] * Make build on i386 pass * http-parser was abandoned upstream, cherry-pick commits since last release that seem sensible to include. Checksums-Sha1: 4344186a9c259e978301b540569c02e3abfe5a41 1946 http-parser_2.9.4-2.dsc 11f9c9f1e76c0a40a5091e85ab865d4c3a2e60a4 9576 http-parser_2.9.4-2.debian.tar.xz e4e6ae5986680727b2ecdd3fb07045bf5e39ca71 6348 http-parser_2.9.4-2_powerpc.buildinfo Checksums-Sha256: 427ccf10bb4a71726efd39d969ff0b93fc23f00622ee555066ab7073c715ddef 1946 http-parser_2.9.4-2.dsc 029f7a7dc4940fa9e12cd3f3b07ab752befb21ead4dcb922a821a3c92d093811 9576 http-parser_2.9.4-2.debian.tar.xz af6b6fc0c02fb2ecc43132cf5ae177f03551b9341b22d26c584a99541cad6f77 6348 http-parser_2.9.4-2_powerpc.buildinfo Files: dea73d56fbcd284ca05d72a6eef63ec6 1946 libs optional http-parser_2.9.4-2.dsc 74968c22cceb1764c5474b8f0d6b6406 9576 libs optional http-parser_2.9.4-2.debian.tar.xz b66a4464904f5168b1aef8ee9339ab13 6348 libs optional http-parser_2.9.4-2_powerpc.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAl/fI1sACgkQxCxY61kU kv3jtA//XUz8EjyoQigCdARGMeHOr3vjTg4llg1xmJis8RHdnloPsw8wboiXXy9L Cu+29Yuiz4J7huXLMFFgcmT4Nol3vuUQTcap7kfFEX8yio6DyEykOZeKpDMON5ja heG+UcrCv92YMohkaGfvuZBGpxhzJLoaEysHoa2A3YSBOQk6hfAcNOZwGxqUhaPY RaL6eClAXmwAZGby9bHO5hMSBr5nEe2TIWzo4CS/yXAy0GYOHy19aW2EhbtltGe0 i8YDVRZs0ChtTLNDaoP7mXLfULVklk0k5udXglMXwSFmYQqvvc0AECduO7boEjD+ 37oGrq8NSlQJgeLy25Ju5RPs265g2EEaAS6TpQv8l3oeIkvjrVCekusBU5LfkiBk 2X6aToNnJ4BWjyGcgHkIrgbq88CPim6WGF05rNxFbmAlxuS1Zxr8ifv0dLhFzZOG N0k0Sv9iopQqcUCCLFGw+ygKeGnv4xtNDYTXVeK5uElClLEA89FuLsHjgX0PNCf3 VwnRCnpwV3gFXZFJxOJlDVIfjlMeyyDsyeUVc4EccV6x0oJn6UToc0px9DsiwVAb vRekYcbACDPruFnfWEnVI8voBmOQGj0upMhj4mmbQlLQwxP80YPDZHlwmndXZF/9 WF21U9u7UXJJwcQGkAb5ihRWq8A3RMqOZfA1cT+bBZQdcApcRik= =NztP -----END PGP SIGNATURE-----
--- End Message ---
