[Pkg-javascript-devel] Bug#1013264: marked as done (node-got: CVE-2022-33987)

Wed, 29 Jun 2022 07:51:22 -0700 

Your message dated Wed, 29 Jun 2022 14:47:37 +0000
with message-id <e1o6yyf-000ioa...@fasolo.debian.org>
and subject line Bug#1013264: fixed in node-got 11.8.3+~cs58.7.37-3
has caused the Debian Bug report #1013264,
regarding node-got: CVE-2022-33987
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1013264: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: node-got
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for node-got.

CVE-2022-33987[0]:
| The got package before 12.1.0 for Node.js allows a redirect to a UNIX
| socket.

https://github.com/sindresorhus/got/pull/2047

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33987
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message --- 
Source: node-got
Source-Version: 11.8.3+~cs58.7.37-3
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-got, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1013...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-got package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jun 2022 16:11:01 +0200
Source: node-got
Built-For-Profiles: nocheck
Architecture: source
Version: 11.8.3+~cs58.7.37-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1013264
Changes:
 node-got (11.8.3+~cs58.7.37-3) unstable; urgency=medium
 .
   * Team upload
   * Declare compliance with policy 4.6.1
   * Add lintian overrides
   * Don't allow redirection to Unix socket (Closes: #1013264, CVE-2022-33987)
Checksums-Sha1: 
 1b6c865c24c07ef5c2947edb267ea098aee17795 7488 node-got_11.8.3+~cs58.7.37-3.dsc
 5e82f0bc8e2aa0e4cea41d2b9595d7c594c5cf1d 9264 
node-got_11.8.3+~cs58.7.37-3.debian.tar.xz
Checksums-Sha256: 
 e44a5a81b293d97a7fdd3eda6027b4cca45a075a6668b672704ef565938824c9 7488 
node-got_11.8.3+~cs58.7.37-3.dsc
 958be44d32cd0a17ae356927c63b261517b8772d11311171699e69c0a088896d 9264 
node-got_11.8.3+~cs58.7.37-3.debian.tar.xz
Files: 
 053f4273eac23e7c0b85ec67bf8632e2 7488 javascript optional 
node-got_11.8.3+~cs58.7.37-3.dsc
 0f2b007f3f4e180bd32d8ab10b3f0519 9264 javascript optional 
node-got_11.8.3+~cs58.7.37-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmK8XjgACgkQ9tdMp8mZ
7ulZpw/+OEXzlGPetATfPC+gq1TGgCgjeY1uLzhIF1M6zGfPlzp9QyiKJLPd9I55
al+k5lQSlUl/vJGHJq6t4/5MVyGVUPqOKrEE13mpNkrIbY7yEDOsWIj3albAKA/5
HuVWJeQGTOum0qOtYm/UiP/vqV2BP+aIWD6NhiACLd8DwhDJjtB+Jh42ZqN/I2EE
kpiW2dvAhDaUj7ghonDew1FEucxLLxQUv45A8ZKbL+ZOHynSFrz4KawZcQF/5DN7
Xzl/vavwpNXYtQJ6fJLxmjKT4AQ1gA1M280bnfoKHNCqipXGKslHP8vbJtI4BfUp
GeTu9EsAm13+r8mUE5LgteLcY0lVk1AcD4DfAgCVWfcckPgmPdb2n+p6KQ9MCQI6
4kGq+MummK9pZzwCR3fT5h5c6OZViIKAXkLbkF9TCzI+AsBcehK9vJ3YSLh0rEdl
9cKtr8x7gDj5h17PBsza8E10UbbsaAGtyA26WtM+OV29rGZy4RL9KMy/IEKPAxMa
BoxTn05go7fcVyw8J+5qZGshxwNHo2zm+3l/FgyudmSSL552IBQUHnXpP1aXOpgL
kI6mDGlmq+WzLbpMNjbB44U6ZeIIymGuUTxIZtba8JZCfK60mzp2ZgRR0BRlf2V+
ca9EZ0lRQBKgPID65Vp8T70ME9qw9CNM9aoB/n+vwMGBrNbZ7aA=
=oVHK
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to