Your message dated Wed, 27 Aug 2025 20:11:08 +0000
with message-id <e1urmu8-00bouq...@fasolo.debian.org>
and subject line Bug#1111772: fixed in node-cipher-base 1.0.4-6+deb13u1
has caused the Debian Bug report #1111772,
regarding node-cipher-base: CVE-2025-9287
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1111772: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111772
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-cipher-base
Version: 1.0.4-6
Severity: grave
Tags: security upstream
Forwarded: https://github.com/browserify/cipher-base/pull/23
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for node-cipher-base.
CVE-2025-9287[0]:
| Improper Input Validation vulnerability in cipher-base allows Input
| Data Manipulation.This issue affects cipher-base: through 1.0.4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9287
https://www.cve.org/CVERecord?id=CVE-2025-9287
[1] https://github.com/browserify/cipher-base/pull/23
[2]
https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
[3]
https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-cipher-base
Source-Version: 1.0.4-6+deb13u1
Done: Yadd <y...@debian.org>
We believe that the bug you reported is fixed in the latest version of
node-cipher-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1111...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated node-cipher-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Aug 2025 00:17:05 +0200
Source: node-cipher-base
Binary: node-cipher-base
Architecture: source all
Version: 1.0.4-6+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Yadd <y...@debian.org>
Description:
node-cipher-base - abstract base class for crypto-streams
Closes: 1111772
Changes:
node-cipher-base (1.0.4-6+deb13u1) trixie-security; urgency=medium
.
* Team upload
* Add patch to return valid values on multi-byte-wide TypedArray input
(Closes: #1111772: node-cipher-base: CVE-2025-9287)
Checksums-Sha1:
9685971bb45a7e48f5748b3d7e42d0d153376fdb 2180
node-cipher-base_1.0.4-6+deb13u1.dsc
bb3bfbd5f5a250c60c2bfb22a1963aac6c9b320e 4248
node-cipher-base_1.0.4-6+deb13u1.debian.tar.xz
89b595b32c660b5b1d17590b208d6b9db23ba451 4776
node-cipher-base_1.0.4-6+deb13u1_all.deb
39f89eee1afe48d7aa11710b136d78e8a47d181f 15446
node-cipher-base_1.0.4-6+deb13u1_amd64.buildinfo
Checksums-Sha256:
1ec08f0f98e7635a4e613f1f66979ff4e90b00eb4a6263e75028bccfebc13a0b 2180
node-cipher-base_1.0.4-6+deb13u1.dsc
6bf3707d557489fed2aa1282ae3563c433d91c277f1c3d41cccd1114fff8b978 4248
node-cipher-base_1.0.4-6+deb13u1.debian.tar.xz
a5a4f37a6ac913bb11176f5344676b78734df9cf1e18d3127b3f232bdca92d03 4776
node-cipher-base_1.0.4-6+deb13u1_all.deb
92ab8a3103769e7c4fcadb533db0f2ac417aaa773ae39671103c7aa771bca90f 15446
node-cipher-base_1.0.4-6+deb13u1_amd64.buildinfo
Files:
f5d0e4df82a12fa18e50638b9ad3f5f2 2180 javascript optional
node-cipher-base_1.0.4-6+deb13u1.dsc
67504c593c3fcd990a959a80b5560587 4248 javascript optional
node-cipher-base_1.0.4-6+deb13u1.debian.tar.xz
d7c83807f6875ac24db108b060f4197b 4776 javascript optional
node-cipher-base_1.0.4-6+deb13u1_all.deb
e0172fd7e69c7d5525e71b1a2ce1265d 15446 javascript optional
node-cipher-base_1.0.4-6+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmioSJoACgkQ9tdMp8mZ
7uk/fA/9FQmXYuBWMyeZQ/fQVvaS1nIK4I5cGUPV+LFDMQNguEBO5jS5c0uXeYzy
ixk0VIznze6PvjdsAJOniaHFA0mxVN+kiG+pAUETjlhCSY5fPgtEfRP/XvOkv1Fs
T18E+2WZOJmeSh3h1Gef7U4fuA+5wR66JYIs4GcxOlG0rd4NX7gjx1bcYFfF4ToM
YIPIRqR0eontMq4tp29DIl+jungATgWw8Q7hRRGBL3ZxpIkf3zCDtDS3iUaSEQ02
PqnYjJT7hon1Sy3Xqy3EZabAXjl34hzwdNaqTY/UkXPynkdKZgHbuJ9eHBPzTAw6
nN2uW2Or8oqTobWq+Azzhc6zoVxydlwlMHWoVFQxfcqKdwbBXZCIsB59XbzJesR5
6O8iwSbp/1gBB5EAItyZ7e3hVEY/EbHZ+xzjmWe7oe9S+ncEwZBtrNdxWGLAb5eU
P2i0m3WkcnstjkcSkFGsnH3CK4VT9d0d8ZQF556skQEQuHUv6VML/WOxft238jQY
Q21C9y6Zqm8lJfFN+j6P/uW7wyVYPmclKtLtUr/XlliE8d167kgvlOdiThjG2t5O
bYeeWx0korDZG/vGYa7r9+S7T4bfczHsUx4OBSY+malca6DbU97z7frggUoqzUC/
iKbvCSqJgg2CVCfkz2EYNS+Bw3t0jcBrYl+doQToEKNNN79jATU=
=yFGo
-----END PGP SIGNATURE-----
pgpF0pJmzCSSA.pgp
Description: PGP signature
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
