[Pkg-javascript-devel] Bug#715325: marked as done (npm: CVE-2013-4116: predictable temporary filenames when unpacking tarballs)

Debian Bug Tracking System Mon, 09 Sep 2013 06:28:51 -0700

Your message dated Mon, 09 Sep 2013 15:22:31 +0200
with message-id <[email protected]>
and subject line Re: npm: CVE-2013-4116: predictable temporary filenames when 
unpacking tarballs
has caused the Debian Bug report #715325,
regarding npm: CVE-2013-4116: predictable temporary filenames when unpacking 
tarballs
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
715325: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: npm
Version: 1.2.18~dfsg-3
Severity: normal

I installed a few packages yesterday, and today realized npm was wasting 50M
of my ram with copies of what it downloaded still in /tmp/npm-# folders

it should clean this up, put it in /var/cache, and/or have a command to clean up

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages npm depends on:
ii  node-abbrev             1.0.4-1
ii  node-ansi               0.1.2~dfsg1-1
ii  node-archy              0.0.2-1
ii  node-block-stream       0.0.6-1
ii  node-fstream            0.1.22-1
ii  node-fstream-ignore     0.0.6-2
ii  node-glob               3.2.1-2
ii  node-graceful-fs        1.2.1-2
ii  node-gyp                0.9.5-2
ii  node-inherits           0.1-1
ii  node-ini                1.1.0-1
ii  node-lockfile           0.3.1-1
ii  node-lru-cache          2.3.0-1
ii  node-minimatch          0.2.11-1
ii  node-mkdirp             0.3.3-1
ii  node-nopt               2.1.1-1
ii  node-npmlog             0.0.2-1
ii  node-once               1.1.1-1
ii  node-osenv              0.0.3-1
ii  node-read               1.0.4-1
ii  node-read-package-json  0.3.1-3
ii  node-request            2.9.153-1
ii  node-retry              0.6.0-1
ii  node-rimraf             2.1.4-1
ii  node-semver             1.1.4-1
ii  node-slide              1.1.4-1
ii  node-tar                0.1.17-1
ii  node-which              1.0.5-2
ii  nodejs                  0.10.11~dfsg1-1

npm recommends no packages.

npm suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

The upstream fix is present in npm since version 1.3.3,
see
https://github.com/isaacs/npm/commit/f4d31693e73a963574a88000580db1a716fe66f1

Closing this bug.

Jérémy.

--- End Message ---

_______________________________________________
Pkg-javascript-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#715325: marked as done (npm: CVE-2013-4116: predictable temporary filenames when unpacking tarballs)

Reply via email to