Your message dated Wed, 22 Jan 2020 05:49:34 +0000
with message-id <[email protected]>
and subject line Bug#934712: fixed in node-mysql 2.18.0-1
has caused the Debian Bug report #934712,
regarding node-mysql: CVE-2019-14939
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
934712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934712
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-mysql
Version: 2.16.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/mysqljs/mysql/issues/2257
Hi,
The following vulnerability was published for node-mysql. I'm opening
this bug for now mainly for tracking. The upstream issue got locked
down and the original report removed until further investigated. See
[1].
CVE-2019-14939[0]:
| An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for
| Node.js. The LOAD DATA LOCAL INFILE option is open by default.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14939
[1] https://github.com/mysqljs/mysql/issues/2257
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-mysql
Source-Version: 2.18.0-1
We believe that the bug you reported is fixed in the latest version of
node-mysql, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <[email protected]> (supplier of updated node-mysql package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 22 Jan 2020 06:36:33 +0100
Source: node-mysql
Architecture: source
Version: 2.18.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <[email protected]>
Changed-By: Xavier Guimard <[email protected]>
Closes: 934712
Changes:
node-mysql (2.18.0-1) unstable; urgency=medium
.
* Team upload
.
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Submit.
* Remove obsolete fields Contact, Name from debian/upstream/metadata
(already present in machine-readable debian/copyright).
* Update standards version to 4.4.1, no changes needed.
.
[ Xavier Guimard ]
* Declare compliance with policy 4.5.0
* New upstream version 2.18.0 (Closes: 934712, CVE-2019-14939)
* Remove readable_stream.patch
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel