Your message dated Tue, 05 Jul 2022 12:49:42 +0000
with message-id <[email protected]>
and subject line Bug#1014385: fixed in passportjs 0.6.0+~1.0.0-1
has caused the Debian Bug report #1014385,
regarding passportjs: CVE-2022-25896 - regenerates stale session on user login
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1014385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014385
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: passportjs
Version: 0.5.2+~1.0.0-1
Severity: important
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team
<[email protected]>
Hi,
The following vulnerability was published for passportjs.
CVE-2022-25896[0]:
| This affects the package passport before 0.6.0. When a user logs in or
| logs out, the session is regenerated instead of being closed.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-25896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25896
Please adjust the affected versions in the BTS as needed.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.17.0-2-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: passportjs
Source-Version: 0.6.0+~1.0.0-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
passportjs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated passportjs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 05 Jul 2022 11:48:28 +0200
Source: passportjs
Architecture: source
Version: 0.6.0+~1.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1014385
Changes:
passportjs (0.6.0+~1.0.0-1) unstable; urgency=medium
.
* Team upload
* Declare compliance with policy 4.6.1
* Add dependency to node-utils-merge
* New upstream version 0.6.0+~1.0.0 (Closes: #1014385, CVE-2022-25896)
Checksums-Sha1:
a1ec8af1a24bbd2931554fa8f8bf67f6632ecd70 2523 passportjs_0.6.0+~1.0.0-1.dsc
e813fb92fddb5bbf1853eec160b4c54c7bafea35 4185
passportjs_0.6.0+~1.0.0.orig-passport-strategy.tar.gz
ad321135b62a63b59cdf97a661d4682bb432144d 59564
passportjs_0.6.0+~1.0.0.orig.tar.gz
dd1a9c315521c933e02b9ff3c574cc0e57706491 5828
passportjs_0.6.0+~1.0.0-1.debian.tar.xz
Checksums-Sha256:
462658c4c68b520a6e76ed3025e2daccca68ef1b6f4494c371d00458100cac8e 2523
passportjs_0.6.0+~1.0.0-1.dsc
e25c91b49663956b0a430abff9e7854f5e44c76eae15ea04d4742faeb60a2e7d 4185
passportjs_0.6.0+~1.0.0.orig-passport-strategy.tar.gz
725c3c3b78fc52cba8e521591e2e59a6c37acc58c327e3331366adddc5071371 59564
passportjs_0.6.0+~1.0.0.orig.tar.gz
e2cef85624e268ff10dbaf954f7e80d86cf720b56e573026e1ca0c41f3f366ae 5828
passportjs_0.6.0+~1.0.0-1.debian.tar.xz
Files:
5b91f903d58fa649ed963783be273da7 2523 javascript optional
passportjs_0.6.0+~1.0.0-1.dsc
67521797f18094ba9e4736e6218a2a0c 4185 javascript optional
passportjs_0.6.0+~1.0.0.orig-passport-strategy.tar.gz
927bf93de358b5be470aa5bb4ec0dc37 59564 javascript optional
passportjs_0.6.0+~1.0.0.orig.tar.gz
373361a047d3e156b908539fee4034bc 5828 javascript optional
passportjs_0.6.0+~1.0.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmLEMKAACgkQ9tdMp8mZ
7ulQ+Q/+JgxLW4SzN09VDEyzzsmrfCpIkIvVKzU+qNFlIRvsY8BRN+oQ+Am3j4os
UA+rYPh8qznMkWJmYq22lj8K9RYaArU7wXYmQ38Xi2rQlguABJq+NwRHJKbaY5QU
y626fezrwGQoSphBY7vyqi5kacW7jCAOZQwBm4+bLxiGMMfb/NXXm8w+IIqhWZgz
zQnzgW9XMcrppDW7fqzQyfiB9xrsyH6ILjD4iVM9W53EjfxCJDNzfHOQv2Zqy2b7
SafgWFmMujMeDHG2z6YWaGeWVoWxbHArWunNRMIPiaxN0gepjWS01AKJEfJxcY75
oT2tDAVVFYivMaQeprobEPNFQQ8Np0gYgChUnpTJl1BYZeLORfLeU5YNdbmc1Q8R
wR7gvtmYGJbjkHq9Mhzn0JcDa0YT0LtVhpP0RJy3PWALcuzHarG2MJEwkInCiune
3iQM2cwkTCvoRzF2vrgzckO9h/ULXacDBwekeZQKm6eOWyty+BYKtYbumnIGLan5
CpHyfwYRTZvG7IRk/ZwmNDHUKhGdITbfJJmVSvVg25NzF2dtr0NlUr83UULumQuM
xW3mAOECusRg4ETbjPH5nqXnx604x+fmvjkgogTmd9wpDl7USyr9H4k5cL5UY1WI
rifXBmtO0kTRZE9QajSWewsKWAw3BgGNdit/RTyF/wMp6q526r8=
=fA1E
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
