Your message dated Fri, 04 Dec 2015 09:56:27 +0000
with message-id <e1a4n6j-0003bk...@franck.debian.org>
and subject line Bug#806385: fixed in nodejs 5.1.1~dfsg-1
has caused the Debian Bug report #806385,
regarding nodejs: CVE-2015-8027 CVE-2015-6764
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
806385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806385
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 4.2.1~dfsg-1
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for nodejs, but the fix
is only made available on 2nd of december, 2015, UTC.

CVE-2015-8027[0]:
denial of service vulnerability

CVE-2015-6764[1]:
V8 out-of-bounds access vulnerability

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8027
[1] https://security-tracker.debian.org/tracker/CVE-2015-6764
[2] https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 5.1.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 806...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Dec 2015 09:59:15 +0100
Source: nodejs
Binary: nodejs-dev nodejs nodejs-dbg nodejs-legacy
Architecture: source amd64 all
Version: 5.1.1~dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description:
 nodejs     - evented I/O for V8 javascript
 nodejs-dbg - evented I/O for V8 javascript (debug)
 nodejs-dev - evented I/O for V8 javascript (development files)
 nodejs-legacy - evented I/O for V8 javascript (legacy symlink)
Closes: 806385
Changes:
 nodejs (5.1.1~dfsg-1) experimental; urgency=medium
 .
   * Imported Upstream version 5.1.1~dfsg
   * CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
     (Closes: #806385)
   * CVE-2015-8027 Denial of Service Vulnerability
     (Closes: #806385)
   * Patch: openssl -ssl3 fails immediately causing
     test-tls-no-sslv3 failure.
Checksums-Sha1:
 5b94dead2f70eb370dbd96edfeb793d0c977d4bb 2362 nodejs_5.1.1~dfsg-1.dsc
 68635a0a103eb92ccb39660f395a3cc0a820c99b 9422575 nodejs_5.1.1~dfsg.orig.tar.gz
 f2e1ae7b6d8aa9ee55dc4017c80e25e9024c2b7e 349332 
nodejs_5.1.1~dfsg-1.debian.tar.xz
 b11fd1e056a9b4c5c91731859f59dc1a1e1b02b1 96694984 
nodejs-dbg_5.1.1~dfsg-1_amd64.deb
 13792e1b752c573d2a38fee0e634b67b8995d576 458860 
nodejs-dev_5.1.1~dfsg-1_amd64.deb
 8f9ac69868296c3974242e29d3b414870b810fbe 205402 
nodejs-legacy_5.1.1~dfsg-1_all.deb
 e31216196ff5b9dcfc2310d1033fc1fd5b603af8 3288858 nodejs_5.1.1~dfsg-1_amd64.deb
Checksums-Sha256:
 64337c62cb6497a44178e97ffb7073c81d86ba2a70db292a1c450572885b6a1b 2362 
nodejs_5.1.1~dfsg-1.dsc
 58c26602135605e43a0aab55f3b49f6f47996b127c0376f54cb6f6ce2c91c116 9422575 
nodejs_5.1.1~dfsg.orig.tar.gz
 18821f0e5a79aa9cbb952e82e72bf190b09eafa01f8e8cc4aec1c3c220570283 349332 
nodejs_5.1.1~dfsg-1.debian.tar.xz
 dcea8abbe01512a29e8df46b553be48330706d931051696f0b563fe43913a580 96694984 
nodejs-dbg_5.1.1~dfsg-1_amd64.deb
 f682f1f4be196648ae55d293bd89983adb9d931e94f519788d1fa55be2c51c3c 458860 
nodejs-dev_5.1.1~dfsg-1_amd64.deb
 186f61214f0418044b3209fa36e8f3ae173edc62c683b42ca36775456c739984 205402 
nodejs-legacy_5.1.1~dfsg-1_all.deb
 7c28b6a9aca7a2d993a9d762946c2e3d678ad4eee2b0428b675fcceb48687148 3288858 
nodejs_5.1.1~dfsg-1_amd64.deb
Files:
 66e7d1e4d7c6f7994d0864ba7f1602da 2362 web - nodejs_5.1.1~dfsg-1.dsc
 150f59c0adb735f7322632b3fb206121 9422575 web - nodejs_5.1.1~dfsg.orig.tar.gz
 2872f278f5e1939928549eb63ae6bfb6 349332 web - nodejs_5.1.1~dfsg-1.debian.tar.xz
 9a6d7f237e804b5b0f93e4e444746afc 96694984 debug extra 
nodejs-dbg_5.1.1~dfsg-1_amd64.deb
 7d52b26ef03cb854dda95985595edf49 458860 devel extra 
nodejs-dev_5.1.1~dfsg-1_amd64.deb
 d88ab9326f8a5539c06d62513158e6a9 205402 web extra 
nodejs-legacy_5.1.1~dfsg-1_all.deb
 dae53a59e0b8f58b1565a9fbef36a360 3288858 web optional 
nodejs_5.1.1~dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWYVwNAAoJEGYRwF7dOfN0K/sQAJGG8kS/P3IzUOScDbI8lQaS
CKnk1L27z20B4F/ueye6U1Zore3T60QhbdmT8DiAMYRxxEWo5rSm0gNnEeDeyaQN
CmvOMiuDvVCLs7NcEQhV6mbs2BHFOhrxpHWIt2s+WaWCQEbcZ2Wu5YkAvq3AB9pU
lD/gbLyoY/ymz0LfhjDdO76zRk9HZbj2NousGFehnu4nOZgOQU2XbZCcJUyPEsUQ
6wj1Y1JhtHI0tqRY1loHgGsHyt24WpKTsmDA4pA9vna4ctmFTGNeqkCcvdhKn+sB
Z3o9dca3gKcfI7pxM9BX+3/d4spq7sQLzoiOV2ESuTNfdF5qV5VtItQvQ23NxVuW
OChzYqtRA0watcespE0zmBf9U45+9wTY0lG2fCH6TDLCxgqWhYkCwIplMYysCkzM
NQLTxKigkohsd/QjauPbkfshhlncHLSf0L0MHVKwmIoU/Ox74nwRbYd0Ggw+0lnl
IqwYkTt+uwQXOzY+erkZ2Y+BNfMiU6J4KKLHAclNo2Wn2DjYZVOan65Nlc0GDY0Z
zak1JdTvRvZMba4/ekGWJZHdYZreYHqEDKcNlkLnkv1hvsdgQZP/k6/uU/8bwKlN
Q6cGgbt3RPFrg9yZRUY9F+PuLsujLkxnT0rLsubrL5qkeuWbiqUApANIX6O3C05K
f1b4Hhm9PN0ejYRaIZns
=wgY/
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to