Your message dated Mon, 17 Jul 2017 21:34:32 +0000
with message-id <e1dxdey-000cxh...@fasolo.debian.org>
and subject line Bug#868162: fixed in nodejs 4.8.4~dfsg-1
has caused the Debian Bug report #868162,
regarding July 11th Security release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
868162: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868162
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Severity: grave
Tags: security

Hi,
please see https://nodejs.org/en/blog/release/v4.8.4/
and https://nodejs.org/en/blog/release/v6.11.1/

The hash see vulnerabiliy doesn't have a CVE ID yet and the
c-ares one is being addressed via the sec:c-ares package.

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 4.8.4~dfsg-1

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Jul 2017 22:08:48 +0200
Source: nodejs
Binary: nodejs-dev nodejs nodejs-dbg nodejs-legacy
Architecture: source
Version: 4.8.4~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description:
 nodejs     - evented I/O for V8 javascript
 nodejs-dbg - evented I/O for V8 javascript (debug)
 nodejs-dev - evented I/O for V8 javascript (development files)
 nodejs-legacy - evented I/O for V8 javascript (legacy symlink)
Closes: 868162
Changes:
 nodejs (4.8.4~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 4.8.4~dfsg
 .
   [ Upstream ]
   * Security fix: Constant Hashtable Seeds (CVE pending)
     Closes: #868162.
   * http.get with numeric authorization options creates
     uninitialized buffers
Checksums-Sha1:
 ab676945b0dc1eb6d8311e4244562f4d59a278b5 2541 nodejs_4.8.4~dfsg-1.dsc
 850d909e5374e1763a82aeea5deaabced101c913 9736496 nodejs_4.8.4~dfsg.orig.tar.gz
 b37237f020937cbae53d8b2439f1099cecbd7306 349220 
nodejs_4.8.4~dfsg-1.debian.tar.xz
 d6e104d6862411b29460da9d4441437f7cde2576 7068 
nodejs_4.8.4~dfsg-1_source.buildinfo
Checksums-Sha256:
 53ac712b9e64b5065fc2d305d20077a00e027b05992392ed51ebca7883dd9231 2541 
nodejs_4.8.4~dfsg-1.dsc
 2d58be4bab8bdb352a0e8041ba524c59018dca8893cf98677219a1c92b72d179 9736496 
nodejs_4.8.4~dfsg.orig.tar.gz
 873de37660cc478955241b09b642cf5553d08f2ff549b5acfa3b4645feb0fe79 349220 
nodejs_4.8.4~dfsg-1.debian.tar.xz
 7370933d832c3883f878a1595fccc3bb832da0e9c01e50ccce327cd6f78761c9 7068 
nodejs_4.8.4~dfsg-1_source.buildinfo
Files:
 cc26a0673d084fd07b1ff137b67e31b4 2541 web - nodejs_4.8.4~dfsg-1.dsc
 9f9549383a5fb99b41763d291a48d16e 9736496 web - nodejs_4.8.4~dfsg.orig.tar.gz
 39f2eb5f400abef7fd1a315e230a019e 349220 web - nodejs_4.8.4~dfsg-1.debian.tar.xz
 f9419422c662b7cc677cd2372db0799c 7068 web - 
nodejs_4.8.4~dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAlltKXISHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0tGwP/AlfLRkZLf4cj6cV85eZt274T7AOQ4Cf
6dZ0xmiw54fLIVvfY/2xkZzVlxGf7comCafP8bsDsTUeA58j1k7lcvALMZXDDW4f
PFfUpk2FenGUmW6d4iv0Kh6234ie/DuScpqnrxTSneOmxWFfVvwH6xy5Mqj3MfXo
y07mVDvrOl2pCc+QbkP4XLZaGs6/86MO1pG57n87wjJnrxtbXcBSMuZ4f1quFz/o
5514IciNUkgyNZyoCt9V9DpOLomcZRhEJwiRMbiEPQQl4TAFfu0PfQrucFjY61V7
aVKgqKzuLrZa3YrChQTlOA1VtqXHf8KuQ5YlIt36RBjQbHUn9HcmO6lUSjaTiHxg
SRZHVSKDseiJ2DbAj1KQK0QLyqEPlHFRFigaZPKhNCsT8s/Yqiua+nbKuH3/whuJ
IqHdCf9IZc8XNqBEIQPLQcTGZyHRIHNZHaFMxzDwB28slpGqfv9voz+KG33izLxi
0fkdqfJF1I9nXQT7lWZmw22cQVQwC/l39ecpMWpyk+/p1Fcnbb64JR7mjujNp46X
hdzXO5zQuTER2qMprNWcmEYx6OZpgiUxce6LO7Q1ddFqj77G+81yEyd3W5/tCmrA
RfZerU8au9+pkxG/huUUvQf7odZOvqjsH0ZM9F05SDyfaO7tTFPiO86H8qtbT3he
ef14qCd3vluU
=9poE
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to