Your message dated Wed, 27 Aug 2025 18:32:26 +0000
with message-id <e1urkwc-00b5gb...@fasolo.debian.org>
and subject line Bug#1111772: fixed in node-cipher-base 1.0.4-6+deb12u1
has caused the Debian Bug report #1111772,
regarding node-cipher-base: CVE-2025-9287
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1111772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-cipher-base
Version: 1.0.4-6
Severity: grave
Tags: security upstream
Forwarded: https://github.com/browserify/cipher-base/pull/23
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-cipher-base.
CVE-2025-9287[0]:
| Improper Input Validation vulnerability in cipher-base allows Input
| Data Manipulation. This issue affects cipher-base: through 1.0.4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9287
https://www.cve.org/CVERecord?id=CVE-2025-9287
[1] https://github.com/browserify/cipher-base/pull/23
[2] https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
[3] https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-cipher-base
Source-Version: 1.0.4-6+deb12u1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-cipher-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1111...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-cipher-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Aug 2025 11:32:07 +0200
Source: node-cipher-base
Binary: node-cipher-base
Architecture: source all
Version: 1.0.4-6+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Description:
 node-cipher-base - abstract base class for crypto-streams
Closes: 1111772
Changes:
 node-cipher-base (1.0.4-6+deb12u1) bookworm-security; urgency=medium
 .
   * Team upload
   * Add patch to return valid values on multi-byte-wide TypedArray input
     (Closes: #1111772: node-cipher-base: CVE-2025-9287)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---