[Pkg-javascript-devel] Bug#932500: marked as done (vulnerability: CVE-2019-10746: prototype pollution)

Wed, 31 Jul 2019 01:15:40 -0700 

Your message dated Wed, 31 Jul 2019 08:12:47 +0000
with message-id <e1hsjj5-00088h...@fasolo.debian.org>
and subject line Bug#932500: fixed in node-mixin-deep 1.1.3-3+deb10u1
has caused the Debian Bug report #932500,
regarding vulnerability: CVE-2019-10746: prototype pollution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
932500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: node-mixin-deep
Version: 1.1.3-3
Severity: important

Dear Maintainer,

node-mixin-deep 1.1.3-3  is affected by a prototype pollution vulnerability:
https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://github.com/jonschlinkert/mixin-deep/issues/6

Please upgrade to either 1.3.2 or 2.0.1.

Thanks, Paolo



-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages node-mixin-deep depends on:
ii  node-for-in         1.0.2-1
ii  node-is-extendable  1.0.1-1
ii  nodejs              10.15.2~dfsg-2

node-mixin-deep recommends no packages.

node-mixin-deep suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: node-mixin-deep
Source-Version: 1.1.3-3+deb10u1

We believe that the bug you reported is fixed in the latest version of
node-mixin-deep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 932...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated node-mixin-deep package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Jul 2019 17:41:17 +0200
Source: node-mixin-deep
Architecture: source
Version: 1.1.3-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 932500
Changes:
 node-mixin-deep (1.1.3-3+deb10u1) buster; urgency=medium
 .
   * Team upload
   * Fix prototype pollution (Closes: #932500, CVE-2019-10746)
Checksums-Sha1: 
 11bf4c0d49d37420025d453d3e3f1262be5c5c1e 2168 
node-mixin-deep_1.1.3-3+deb10u1.dsc
 5334c4a71599824920cffe4f6e8c1c54f9e24548 2964 
node-mixin-deep_1.1.3-3+deb10u1.debian.tar.xz
Checksums-Sha256: 
 b9efe61ac02899a3a3b3efb7790bb6441fb5900a8ca43ed8003b4201198a92d7 2168 
node-mixin-deep_1.1.3-3+deb10u1.dsc
 2d4ff27169fbf7db4f4c7a2112cebad5cb4b72448a34bc55a7e19bd3e9a768ca 2964 
node-mixin-deep_1.1.3-3+deb10u1.debian.tar.xz
Files: 
 5fa4fcb5f57bd40b5af59dc8f9790398 2168 javascript optional 
node-mixin-deep_1.1.3-3+deb10u1.dsc
 3f1ec6177f37f49235741a9d45bd776a 2964 javascript optional 
node-mixin-deep_1.1.3-3+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl079SIACgkQ9tdMp8mZ
7ulNOA//dlzvHRv+BJ293D2Jmhx2POC4VFNdg/W2zh54AyaUkkYJqh4cdDrSa0aN
kHvtZnJ/YPIpciCTrL5zPoYfEaApDjyzLJSGfh89TCLy1kcEDGQCyXAOe4JxYDyS
TBYHiazInxAfXN8+70CHWYyc520Ni4UiVbeiqzy4tZVEoOsfJ/7ZA7EUOypEb2BF
IIc4vNT+iZX1+L+tVhQlcvJ0VNdPlzpjUMdrw0JzV5zd252T5K4yyJdQBPH4yii9
+EHle53/omaKK3uDIwyADdG7vUa5nbVQ7vUNDgrTTmPQfo0zv6gb+/f+n0ai99B2
JFE5ySEH8swbHItCDK4OgBv6isIAeK9HSnXo4q0/qI+XnDuIhT6z43toD1Ajd2cQ
XVuKO5aHHii4kjrCeUrAS6Fe4b9ImH4IasbdsHoPrEVFDjWDYEH2zV7LvRsYOK0g
JtLpFO71P9RbEy7A3d8mk5Mi+9DwkrvG6czyEFFSovbsoMJ7OBItGKxVSJ5qCJGy
2WxDoWhVSxX0PmIGTuwYsVnEidItFLDYPW7LIHfTiPXho6v7rs9WlSSMe+H5me9q
T2/dtUvB2piOwkFu8J5DZCnBUos0QD7Tn9G0pIBG45LOxyhJ3kBOhOgbZGXXMsZ4
JrkbOABwHCIOAqzT5k4uOM090El66sBNrBjI6ouuH2aNJgsnQR4=
=aHrs
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to