Your message dated Fri, 01 Jul 2022 15:32:11 +0000
with message-id <[email protected]>
and subject line Bug#1013264: fixed in node-got 11.8.1+~cs53.13.17-3+deb11u1
has caused the Debian Bug report #1013264,
regarding node-got: CVE-2022-33987
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1013264: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-got
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for node-got.
CVE-2022-33987[0]:
| The got package before 12.1.0 for Node.js allows a redirect to a UNIX
| socket.
https://github.com/sindresorhus/got/pull/2047
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-33987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: node-got
Source-Version: 11.8.1+~cs53.13.17-3+deb11u1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-got, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-got package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Jun 2022 16:30:16 +0200
Source: node-got
Architecture: source
Version: 11.8.1+~cs53.13.17-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1013264
Changes:
node-got (11.8.1+~cs53.13.17-3+deb11u1) bullseye; urgency=medium
.
* Team upload
* Don't allow redirection to Unix socket (Closes: #1013264, CVE-2022-33987)
Checksums-Sha1:
46b5f838078180dbb19e68f0a0d109eeba8526e8 7529
node-got_11.8.1+~cs53.13.17-3+deb11u1.dsc
fbf2a29358309a1d66751c6cede4f2c93aecb6a1 8124
node-got_11.8.1+~cs53.13.17-3+deb11u1.debian.tar.xz
Checksums-Sha256:
f921bec8e02ba5fb29e70f3c603dea95eab60cd71a43d16644f82a81d82891a3 7529
node-got_11.8.1+~cs53.13.17-3+deb11u1.dsc
cfd59c025fe6911700e2add4dd3309b54d6ba9a1f4a1953e10988599f2b7a3ec 8124
node-got_11.8.1+~cs53.13.17-3+deb11u1.debian.tar.xz
Files:
b2e03b2753896c852d0f668f71f18727 7529 javascript optional
node-got_11.8.1+~cs53.13.17-3+deb11u1.dsc
8d8e0eaf15330e914ba9c6e1ad7d6697 8124 javascript optional
node-got_11.8.1+~cs53.13.17-3+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmK9IogACgkQ9tdMp8mZ
7ukvZw/+KspgWRw9pfH4cL45K0OoWb5hxPG+HzIOv9m9Grymr8TTUfMWWlo8yTE1
e6gJTjt14IjFcZ3qAQPn5fQGNDCu2HPQHKaEJ8cOVQs+YuQuNY521nIiynYahlht
STXvsXoML0jo4/QMrvc6qRhpiSx16w5/dibOJPvbomkdRTEFsPEYU7rHFHZn20te
3nkfG1W/GhPprv1iDygics3JjEqzp5Rm3FP9DGfXdupyVuJuxpS+JKgdZNz2iOMa
9j4SCBJk+TZsTgr/rjh6EG+jlgt5VkMFey7SyFhHpCa7wY5UZJvEugf7KtD6vNxC
AxaOpnin0DwK0n5RBEHk+klUjokqIk8C9GqOJEyDE4mX2F0K2ne06Mveowu/URcs
A4BlfXzzMBwf4lRrllCBCReWbtQvaRewyRqP9CW/5jmjQN+dThJLCUFaXByKWUwD
8wvNJNC3Ca/e3b/6QmWQaXfq9sta8ZkPNsyZgFfYpVua02QoDqPtJyPcY4F80xYF
QY7nYDUc2Mrhb/ISECe99x18xYIU8qwMM3QzGZ9vq0dj2ht7W9ek8U+t/4Kssh62
sI3uzLOUx9YRbP7G9JnKGxZECKH8GIDBNlHsI6LYe1+djho3Rp/to+DLi1dPBwYz
7iWkSqqEkVR0D44Huf2Dlx3l5bG0+Fo6DVrMciMxC+NqxVLW6Qw=
=LvPl
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
