Your message dated Sun, 21 Apr 2019 12:49:25 +0000
with message-id <e1hibup-000ewu...@fasolo.debian.org>
and subject line Bug#898315: fixed in node-mixin-deep 1.1.3-2
has caused the Debian Bug report #898315,
regarding node-mixin-deep: CVE-2018-3719: Prototype pollution via merging
functions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
898315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898315
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-mixin-deep
Version: 1.1.3-1
Severity: important
Tags: security upstream
Forwarded: https://nodesecurity.io/advisories/578
Hi,
The following vulnerability was published for node-mixin-deep.
CVE-2018-3719[0]:
Prototype pollution via merging functions
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-3719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3719
[1] https://nodesecurity.io/advisories/578
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-mixin-deep
Source-Version: 1.1.3-2
We believe that the bug you reported is fixed in the latest version of
node-mixin-deep, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 898...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-mixin-deep package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 21 Apr 2019 14:24:15 +0200
Source: node-mixin-deep
Architecture: source
Version: 1.1.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 898315
Changes:
node-mixin-deep (1.1.3-2) unstable; urgency=medium
.
* Team upload
* Add upstream/metadata
* Declare compliance with policy 4.3.0
* Change section to javascript
* Fix prototype pollution (Closes: #898315, CVE-2018-3719)
* Switch tests to pkg-js-tools
* Fix VCS fields
* Fix debian/copyright
Checksums-Sha1:
85f9a631d08fed37655e9628d364c511125c8e9d 2138 node-mixin-deep_1.1.3-2.dsc
74d2af7fa434b3c72ba331c733300d9fcf396feb 2632
node-mixin-deep_1.1.3-2.debian.tar.xz
Checksums-Sha256:
661061b635d6a7a044541d8e088af8680d84460b9fe47eebde55a842aa8da5ad 2138
node-mixin-deep_1.1.3-2.dsc
505d5fa4bdf7360e876a4bfc22da2ea671cb6460bd3b88f99cea686be281c676 2632
node-mixin-deep_1.1.3-2.debian.tar.xz
Files:
d0f67066ac7f5f67711e569425b08e8c 2138 javascript optional
node-mixin-deep_1.1.3-2.dsc
17f338bd3eceda445ee2fc13bd4751bb 2632 javascript optional
node-mixin-deep_1.1.3-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAly8YrIACgkQ9tdMp8mZ
7ukwphAAnFVenanNc90E6/kaRTqGBiYhey8//eZ6JwNz7dJhZM/dYnO89AvfNX1U
fuZs9DPWdoJLkn82KxHXFsdaV+b3Tw7ptfjmOGeByAw9WMunZTqmfjND+QQc3D+u
J1o2+mHq6OXVMQ5hsEaFMfonY6C6lMOYMBwZjZoP8tn6TnahgxGeFov/BM5kP24l
gh9EkFBufK7EXwQjIfEpsvqhN7k977kDG0HJx8xrd4b1hrXQvabl2KpvAd3YnkUU
GFdiru8BL0GZsiIIiT03sCkBNC6uqDTRn8oBYas6WIw/Va/5b/lqoTnxySo18Qne
T8XTPqCxffhdp4LmDdY9NK/Dm4MnN+kQSRX3xTTxvSqknK8Ao8+YTCHBgHMuzi81
grFw7XNScMaNg7lndJ12YxeFu6mel+CbDkCCWcSE+UW+gGi+/AfJz6bqGL819oLX
bxxmi+Z4o11W22sWpMVDnleLS5wohCovptpj4sJFeTaKET5hOnY6HFQTCXIafAxm
11aeOrwZCj9Bx9Zp8H+5Yb3qe0cYRkzngmCbxdizIkLToPg+qJ+4KIkcSWmV0M16
zjfzlkZYE3cgPXYx7Q8UpK+d9f7VE0c4ZEBmx2/fVv2fkD6BuuZf9n+ISZKl1FUT
9qNOYFDLfRZisN/lKCdZU+giq0EyAkS/rbk58zV63yXbupMTfL4=
=S880
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
