Your message dated Fri, 22 Aug 2025 15:32:31 +0000
with message-id <e1uptkl-00hkql...@fasolo.debian.org>
and subject line Bug#1109551: fixed in node-form-data 4.0.0-1+deb12u1
has caused the Debian Bug report #1109551,
regarding node-form-data: CVE-2025-7783
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1109551: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109551
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-form-data
Version: 4.0.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for node-form-data.

CVE-2025-7783[0]:
| Use of Insufficiently Random Values vulnerability in form-data
| allows HTTP Parameter Pollution (HPP). This vulnerability is
| associated with program files lib/form_data.Js.  This issue affects
| form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-7783
    https://www.cve.org/CVERecord?id=CVE-2025-7783
[1] https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
[2] https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-form-data
Source-Version: 4.0.0-1+deb12u1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
node-form-data, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-form-data package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Jul 2025 12:50:50 +0200
Source: node-form-data
Architecture: source
Version: 4.0.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1109551
Changes:
 node-form-data (4.0.0-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix "Insufficiently Random Values vulnerability"
     (Closes: #1109551, CVE-2025-7783)
   * Launch more tests



--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
