Your message dated Thu, 24 Jul 2025 11:05:13 +0000
with message-id <e1uetlb-001gsw...@fasolo.debian.org>
and subject line Bug#1109551: fixed in node-form-data 4.0.1-2
has caused the Debian Bug report #1109551,
regarding node-form-data: CVE-2025-7783
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1109551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-form-data
Version: 4.0.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-form-data.
CVE-2025-7783[0]:
| Use of Insufficiently Random Values vulnerability in form-data
| allows HTTP Parameter Pollution (HPP). This vulnerability is
| associated with program files lib/form_data.Js. This issue affects
| form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-7783
https://www.cve.org/CVERecord?id=CVE-2025-7783
[1] https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
[2] https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-form-data
Source-Version: 4.0.1-2
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-form-data, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1109...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-form-data package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Jul 2025 12:45:56 +0200
Source: node-form-data
Architecture: source
Version: 4.0.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1109551
Changes:
node-form-data (4.0.1-2) unstable; urgency=medium
.
* Team upload
* Declare compliance with policy 4.7.2
* Fix "Insufficiently Random Values vulnerability"
(Closes: #1109551, CVE-2025-778)
* Launch more tests
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
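An added example (not part of the original messages, nor code from form-data or Debian): a Node.js check of an npm lockfile against the upstream ranges quoted in the CVE text (< 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3). The lockfile contents and the function names are constructed for illustration; the ranges describe upstream npm releases only, since the Debian upload above fixes the issue in 4.0.1-2 although upstream 4.0.1 falls inside the affected range.

```javascript
// Added example: flag form-data copies in an npm lockfile (v2/v3 "packages" map)
// whose version falls in the upstream ranges quoted for CVE-2025-7783.

// Parse "major.minor.patch"; returns null when the string is not a plain version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Three-way comparison of two [major, minor, patch] triples.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = inside a quoted range, false = outside, null = cannot tell.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  if (cmp(v, [2, 5, 4]) < 0) return true; // < 2.5.4
  // 3.0.0 - 3.0.3 and 4.0.0 - 4.0.3, both ends inclusive
  return [3, 4].some((major) => cmp(v, [major, 0, 0]) >= 0 && cmp(v, [major, 0, 3]) <= 0);
}

// Report every top-level or nested form-data entry that is affected or unknown.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/form-data$/.test(path)) continue;
    const affected = isAffected(meta.version);
    if (affected !== false) findings.push({ path, version: meta.version, affected });
  }
  return findings;
}

// Constructed sample lockfile (hypothetical application and dependency tree).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/form-data': { version: '4.0.1' },
    'node_modules/axios/node_modules/form-data': { version: '4.0.4' },
    'node_modules/request/node_modules/form-data': { version: '2.3.3' },
    'node_modules/legacy/node_modules/form-data': { version: '3.0.4' },
    'node_modules/linked/node_modules/form-data': { link: true }, // no version recorded
  },
};

console.log(JSON.stringify(scanLockfile(SAMPLE_LOCK), null, 2));
```

Entries reported with `affected: null` carry no parseable version and need a manual look.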