Your message dated Thu, 30 Jan 2025 17:54:55 +0000
with message-id <e1tdykh-00dtst...@fasolo.debian.org>
and subject line Bug#1094731: fixed in node-axios 1.7.9+dfsg-1
has caused the Debian Bug report #1094731,
regarding node-axios: CVE-2024-57965
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1094731: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-axios
Version: 1.7.7+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/axios/axios/issues/6351
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-axios.

CVE-2024-57965[0]:
| In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a
| URL object when determining an origin, and has a potentially
| unwanted setAttribute('href',href) call. NOTE: some parties feel
| that the code change only addresses a warning message from a SAST
| tool and does not fix a vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-57965
    https://www.cve.org/CVERecord?id=CVE-2024-57965
[1] https://github.com/axios/axios/issues/6351
[2] https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db
[3] https://github.com/axios/axios/pull/6714

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-axios
Source-Version: 1.7.9+dfsg-1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-axios, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1094...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-axios package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 30 Jan 2025 18:27:28 +0100
Source: node-axios
Architecture: source
Version: 1.7.9+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1094731
Changes:
 node-axios (1.7.9+dfsg-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream version (Closes: #1094731, CVE-2024-57965)
   * Refresh patches



--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
