Your message dated Sun, 07 Mar 2021 04:33:26 +0000
with message-id <[email protected]>
and subject line Bug#984667: fixed in node-ansi-up 5.0.0+dfsg-1
has caused the Debian Bug report #984667,
regarding CVE-2021-3377
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
984667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984667
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: node-ansi-up
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
This was assigned CVE-2021-3377:
https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: node-ansi-up
Source-Version: 5.0.0+dfsg-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-ansi-up, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-ansi-up package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 Mar 2021 05:13:14 +0100
Source: node-ansi-up
Architecture: source
Version: 5.0.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 984667
Changes:
node-ansi-up (5.0.0+dfsg-1) unstable; urgency=medium
.
* Team upload
* Set upstream metadata fields: Bug-Submit
* Remove obsolete fields Contact, Name from debian/upstream/metadata
(already present in machine-readable debian/copyright)
* Bump debhelper compatibility level to 13
* Declare compliance with policy 4.5.1
* Use dh-sequence-nodejs
* New upstream version 5.0.0+dfsg (Closes: #984667, CVE-2021-3377)
Checksums-Sha1:
9c73ba82b58bbb924201cdb20990b4aa4c6a74be 2180 node-ansi-up_5.0.0+dfsg-1.dsc
8c0caf4b649be3f095bdb8698142b6806bf73578 36208
node-ansi-up_5.0.0+dfsg.orig.tar.xz
a04823056c4493fd75ded3c6c7422cb5eab9e3fa 3388
node-ansi-up_5.0.0+dfsg-1.debian.tar.xz
Checksums-Sha256:
1bcc5da11bc79de4f42f8ebf4168af6024074eeb0ce068a8c22ec5e733e9b108 2180
node-ansi-up_5.0.0+dfsg-1.dsc
323099dcf35054daff2e6f67053940018515b039a10417fedf6eee0b83f14b32 36208
node-ansi-up_5.0.0+dfsg.orig.tar.xz
4bda3c0a3854247102fddb0a650b917fcf3dcf154f3a683add593b1b1365a6cf 3388
node-ansi-up_5.0.0+dfsg-1.debian.tar.xz
Files:
2b69fe4ee8dc57d82ac57dd1cd1e8e28 2180 javascript optional
node-ansi-up_5.0.0+dfsg-1.dsc
846e3899c9d01ffe4d06c0afc7ef8f55 36208 javascript optional
node-ansi-up_5.0.0+dfsg.orig.tar.xz
03e0728639e05a7bea3b030248820cb1 3388 javascript optional
node-ansi-up_5.0.0+dfsg-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmBEU5IACgkQ9tdMp8mZ
7ukxjA/9Gp65GMMg33MIjmH+EQiv+FfbalDj6/uUYQMpp18bewdlB1eQ0sE5ey/p
rE9PSLb3uHW0ogD1RUJJhdMA3baDlJAJMYQW0n5FaqyqpnS7ctRmEAu7w0RrTOob
4rkZ8/jOYtcHozBZMvh2CgJ/lea36dcPs4Km53vx8onVkwEfBSAEGe4uCCe+a7kj
Qq9R2jW7mq8GpV74zVzEQTUeC/e/APl6sWrcGsktLPQJ11NBJ6T6G/f563+m1NzO
TzSif5/n5C/mNnVH2ZonldHpgqQ8lvdXCarF6fB1WHjdUHfpyoqfw2aaauthbDvI
qY1Jebpayrr6qDpR0IEw5te3tguU1lBOnleXUx0k/Y4YGVFpbgQCuHYX525LpaKB
QehRn45SYNKwuIYttiaQvSfOiKF+AjNdYvYOOXKWcAKTEOD9dJ/KxkQBPHx0FGtr
ZyylIjvha3NAt4SM1yPvj33sNsmqWi1KPjVWfq5Ss40DVEUc+jknF1KsunE5/WfY
oobSfEN0J+CXiZJFur3U61tsQpd6tc4qCtFPIp6RHHBMkklLHTnNlGQyERBrHYrX
qI9I0xQrhgc7EbKUbg2LRtCUcoQE9lDfwc0BqCiGdv5siXrvnVgvgtDSPpXdd0ww
ty1Hx/yFC8hg3XmISrSvAyJqnLqp4ve5hVhUlfItxqSgy0uTmag=
=acXn
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
