Your message dated Fri, 04 Dec 2015 09:25:24 +0000
with message-id <e1a4mcg-0006tw...@franck.debian.org>
and subject line Bug#806385: fixed in nodejs 4.2.3~dfsg-1
has caused the Debian Bug report #806385,
regarding nodejs: CVE-2015-8027 CVE-2015-6764
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
806385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 4.2.1~dfsg-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for nodejs, but the fix
is only made available on 2nd of december, 2015, UTC.

CVE-2015-8027[0]:
denial of service vulnerability

CVE-2015-6764[1]:
V8 out-of-bounds access vulnerability

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8027
[1] https://security-tracker.debian.org/tracker/CVE-2015-6764
[2] https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 4.2.3~dfsg-1

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 806...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Dec 2015 09:02:50 +0100
Source: nodejs
Binary: nodejs-dev nodejs nodejs-dbg nodejs-legacy
Architecture: source amd64 all
Version: 4.2.3~dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description:
 nodejs     - evented I/O for V8 javascript
 nodejs-dbg - evented I/O for V8 javascript (debug)
 nodejs-dev - evented I/O for V8 javascript (development files)
 nodejs-legacy - evented I/O for V8 javascript (legacy symlink)
Closes: 806385
Changes:
 nodejs (4.2.3~dfsg-1) unstable; urgency=high
 .
   * Imported Upstream version 4.2.3~dfsg
   * CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
     (Closes: #806385)
   * CVE-2015-8027 Denial of Service Vulnerability
     (Closes: #806385)
   * Patch: openssl -ssl3 fails immediately causing
     test-tls-no-sslv3 failure.
Checksums-Sha1:
 841faa66f987ef545bb802d80d2d9a692f4ff027 2376 nodejs_4.2.3~dfsg-1.dsc
 ed09eb98716b72748343be923dfd0733821b4449 9345783 nodejs_4.2.3~dfsg.orig.tar.gz
 8bc29855f9d9d6891958c3a517bd0812da01a399 348568 
nodejs_4.2.3~dfsg-1.debian.tar.xz
 a2a4ba8ebc4ce3f66f1fd999a49152c0b2a6dba5 96399450 
nodejs-dbg_4.2.3~dfsg-1_amd64.deb
 7c8af329caf76f2a9537a9d728e007ae3031aef2 446064 
nodejs-dev_4.2.3~dfsg-1_amd64.deb
 3d9ba9785243e3fd3b6456a5c54bb6c28279ebdf 193692 
nodejs-legacy_4.2.3~dfsg-1_all.deb
 ef373b29fce5d46883b31a5e83a6f4954590e992 3211942 nodejs_4.2.3~dfsg-1_amd64.deb
Checksums-Sha256:
 43a5c2166405d6a9ae764eb7e413a9aa69a98bacdebf2fa3fb630197d55204a8 2376 
nodejs_4.2.3~dfsg-1.dsc
 5465e4bd4b9ff74fc0b111eb85df18c803fdfec4611fb99d0c7c542a3cb4893b 9345783 
nodejs_4.2.3~dfsg.orig.tar.gz
 6bd2ec0484f02969d64c7c4cfcc8e53acbfee8b32bb732244526a643ea086f28 348568 
nodejs_4.2.3~dfsg-1.debian.tar.xz
 d35025677026cc86711385be1f587b0d2752a82e42d26f39dafe7477a723a66b 96399450 
nodejs-dbg_4.2.3~dfsg-1_amd64.deb
 718a516b18ac8061eeee8ca9461152c815767dafd70bbda4a5892338048ef893 446064 
nodejs-dev_4.2.3~dfsg-1_amd64.deb
 15f7ec6d4573c348a7f798ce3cdcd6b78ff77665ed460fd3e27a7d444cd72aa9 193692 
nodejs-legacy_4.2.3~dfsg-1_all.deb
 c11ab8ecf8af6a8de020ed56c30f81d4f211d8c6ceed302e115f39933f99bd9f 3211942 
nodejs_4.2.3~dfsg-1_amd64.deb
Files:
 779397c2982be6bc0b8f0f9afccb7e1b 2376 web - nodejs_4.2.3~dfsg-1.dsc
 560d3767c24907e44a34619139955785 9345783 web - nodejs_4.2.3~dfsg.orig.tar.gz
 70df2c4c238562411c2dde75354e08ef 348568 web - nodejs_4.2.3~dfsg-1.debian.tar.xz
 7cc0c99aab2b7c97be896b429ec644e7 96399450 debug extra 
nodejs-dbg_4.2.3~dfsg-1_amd64.deb
 f18f0dfb2547d164345c2883a2ca892e 446064 devel extra 
nodejs-dev_4.2.3~dfsg-1_amd64.deb
 6ad2b263c1c2c6893a1f50f1ccb86f15 193692 web extra 
nodejs-legacy_4.2.3~dfsg-1_all.deb
 4a4def90ce41513505afc50db7233b99 3211942 web optional 
nodejs_4.2.3~dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWYVQOAAoJEGYRwF7dOfN0Y0AQAJFRfpLijiMpz5aHAsv/H6mx
8YlQaHZA9NpjzYyglX1+q9VZqqBF++mLKel0bkXqJMjSPxvtb/VJLxbNrix0P21e
S9MkPHYNNJRoH7UqEY2cQP18hXCMVKLCtFpB/YPDjvQj0SZFrN0QIGD7hqdm5/ve
eI129/pLv15Mj45T3GWKpQO9wAbPV7T2CywqVulvBF+kvO8pngf3RMaaRiaFbMVS
zGk6OCSaC6drP7PQ9zmDojbTYlwaaHeN7pe/BfLWUD7yLnGtTj/Qtkl4s9IryJpH
W3p6wkblFyGIC/Mi50/Du9V72JtdnZsTsQwjgdMKJekFs0MidH55XacB0uabIgbB
H0krRIMevph0w0nQOj9OC0dLlt/P/DcC96+Lmw+zRd4F7KkdCmLDHoD2WLgwG5ys
Rq/PfnRp6hNb0wZBx+2NMQmAOHcQ96veNNTiPQHlrgul7kUZfzMZ1Io+fOTGsb3Y
ET41ZG2q4xuTdvEGjCBDl3bxs9Rvi77vKVgaKjvRMfnLmI49Po92t4+76bD/n3u9
Sj5DVU/N+skXJBVw7m8QRe5tlzaX68B55ViYyIspgZKVLeO9VWA0JLPQHGXyU2fj
BWEmBe+9LzZBR2IxZkdPkEB1oJRUKk6mw+0Ex1Q4rrYP37GMNnGblTwplTqOpNw7
o3ONIjEBZ8+BKgvAGhfu
=2wiD
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to