[Pkg-javascript-devel] Bug#1013264: marked as done (node-got: CVE-2022-33987)
Your message dated Fri, 01 Jul 2022 15:32:11 + with message-id and subject line
Bug#1013264: fixed in node-got 11.8.1+~cs53.13.17-3+deb11u1
has caused the Debian Bug report #1013264,
regarding node-got: CVE-2022-33987
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1013264: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: node-got
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for node-got.

CVE-2022-33987[0]:
| The got package before 12.1.0 for Node.js allows a redirect to a UNIX
| socket.

https://github.com/sindresorhus/got/pull/2047

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33987
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: node-got
Source-Version: 11.8.1+~cs53.13.17-3+deb11u1
Done: Yadd

We believe that the bug you reported is fixed in the latest version of
node-got, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1013...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd (supplier of updated node-got package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Wed, 29 Jun 2022 16:30:16 +0200
Source: node-got
Architecture: source
Version: 11.8.1+~cs53.13.17-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Yadd
Closes: 1013264
Changes:
 node-got (11.8.1+~cs53.13.17-3+deb11u1) bullseye; urgency=medium
 .
   * Team upload
   * Don't allow redirection to Unix socket (Closes: #1013264, CVE-2022-33987)
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#1013264: marked as done (node-got: CVE-2022-33987)
Your message dated Wed, 29 Jun 2022 14:47:37 + with message-id and subject line
Bug#1013264: fixed in node-got 11.8.3+~cs58.7.37-3
has caused the Debian Bug report #1013264,
regarding node-got: CVE-2022-33987
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1013264: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013264
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: node-got
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for node-got.

CVE-2022-33987[0]:
| The got package before 12.1.0 for Node.js allows a redirect to a UNIX
| socket.

https://github.com/sindresorhus/got/pull/2047

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33987
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: node-got
Source-Version: 11.8.3+~cs58.7.37-3
Done: Yadd

We believe that the bug you reported is fixed in the latest version of
node-got, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1013...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd (supplier of updated node-got package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Wed, 29 Jun 2022 16:11:01 +0200
Source: node-got
Built-For-Profiles: nocheck
Architecture: source
Version: 11.8.3+~cs58.7.37-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Yadd
Closes: 1013264
Changes:
 node-got (11.8.3+~cs58.7.37-3) unstable; urgency=medium
 .
   * Team upload
   * Declare compliance with policy 4.6.1
   * Add lintian overrides
   * Don't allow redirection to Unix socket (Closes: #1013264, CVE-2022-33987)
--- End Message ---
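
Added example, not part of the messages above and not got's own code: a redirect guard of the kind the changelog entry "Don't allow redirection to Unix socket" describes, for a client that follows Location headers. The function names and the socket path are hypothetical; the two address forms checked (a `unix:` scheme, or the host name `unix`) are an assumption based on got's documented UNIX socket URL syntax.

```javascript
// Added example: refuse to follow a redirect from a network URL to a
// UNIX domain socket address. Names below are illustrative, not got's API.

// True when the client would route this URL to a local socket rather than
// the network (assumed forms: "unix:SOCKET:PATH" and "http://unix:SOCKET:PATH").
function isUnixSocketURL(url) {
  return url.protocol === 'unix:' || url.hostname === 'unix';
}

// Resolve a Location header against the URL that returned it and decide
// whether following it is acceptable. Returns {ok, target} or {ok, reason}.
function checkRedirect(currentUrl, locationHeader) {
  const current = new URL(currentUrl);
  let target;
  try {
    target = new URL(locationHeader, current); // also resolves relative values
  } catch {
    return { ok: false, reason: 'unparseable Location' };
  }
  // A response that came from the network must not move the request onto
  // a local socket; socket-to-socket redirects stay possible.
  if (!isUnixSocketURL(current) && isUnixSocketURL(target)) {
    return { ok: false, reason: 'redirect to UNIX socket' };
  }
  const web = target.protocol === 'http:' || target.protocol === 'https:';
  if (!web && !isUnixSocketURL(target)) {
    return { ok: false, reason: 'unsupported protocol' };
  }
  return { ok: true, target: target.href };
}

// Constructed Location values for a request that started on the network.
const samples = [
  '/next',
  'https://example.org/elsewhere',
  'unix:/run/example.sock:/info',
  'http://unix:/run/example.sock:/info',
];
for (const location of samples) {
  console.log(location, '->', checkRedirect('https://example.com/start', location));
}
```

Because the host-name form is matched literally, a real network host called `unix` would also be refused by this check.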