Your message dated Sat, 14 Sep 2024 13:05:06 +0000
with message-id <e1spssy-004qmq...@fasolo.debian.org>
and subject line Bug#1081657: fixed in node-body-parser 1.20.3+~1.19.5-1
has caused the Debian Bug report #1081657,
regarding node-body-parser: CVE-2024-45590
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1081657: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081657
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-body-parser
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for node-body-parser.

CVE-2024-45590[0]:
| body-parser is Node.js body parsing middleware. body-parser <1.20.3
| is vulnerable to denial of service when url encoding is enabled. A
| malicious actor using a specially crafted payload could flood the
| server with a large number of requests, resulting in denial of
| service. This issue is patched in 1.20.3.

https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
 (1.20.3)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-45590
    https://www.cve.org/CVERecord?id=CVE-2024-45590

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: node-body-parser
Source-Version: 1.20.3+~1.19.5-1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-body-parser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1081...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-body-parser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 Sep 2024 16:50:16 +0400
Source: node-body-parser
Architecture: source
Version: 1.20.3+~1.19.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1081657
Changes:
 node-body-parser (1.20.3+~1.19.5-1) unstable; urgency=medium
 .
   * Team upload
   * Declare compliance with policy 4.7.0
   * New upstream version (Closes: #1081657, CVE-2024-45590)
   * Require node-qs >= 6.13~



--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
