[Pkg-javascript-devel] Bug#932500: marked as done (vulnerability: CVE-2019-10746: prototype pollution)
Your message dated Wed, 31 Jul 2019 08:12:47 + with message-id and subject line Bug#932500: fixed in node-mixin-deep 1.1.3-3+deb10u1 has caused the Debian Bug report #932500, regarding vulnerability: CVE-2019-10746: prototype pollution to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
932500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: node-mixin-deep
Version: 1.1.3-3
Severity: important

Dear Maintainer,

node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:

https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://github.com/jonschlinkert/mixin-deep/issues/6

Please upgrade to either 1.3.2 or 2.0.1.

Thanks,
Paolo

-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages node-mixin-deep depends on:
ii node-for-in 1.0.2-1
ii node-is-extendable 1.0.1-1
ii nodejs 10.15.2~dfsg-2

node-mixin-deep recommends no packages.

node-mixin-deep suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: node-mixin-deep
Source-Version: 1.1.3-3+deb10u1

We believe that the bug you reported is fixed in the latest version of node-mixin-deep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 932...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard (supplier of updated node-mixin-deep package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 20 Jul 2019 17:41:17 +0200
Source: node-mixin-deep
Architecture: source
Version: 1.1.3-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Xavier Guimard
Closes: 932500
Changes:
 node-mixin-deep (1.1.3-3+deb10u1) buster; urgency=medium
 .
   * Team upload
   * Fix prototype pollution (Closes: #932500, CVE-2019-10746)

--- End Message ---

--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#932500: marked as done (vulnerability: CVE-2019-10746: prototype pollution)
Your message dated Sat, 20 Jul 2019 16:42:02 + with message-id and subject line Bug#932500: fixed in node-mixin-deep 2.0.1-1 has caused the Debian Bug report #932500, regarding vulnerability: CVE-2019-10746: prototype pollution to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
932500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932500
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: node-mixin-deep
Version: 1.1.3-3
Severity: important

Dear Maintainer,

node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:

https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://github.com/jonschlinkert/mixin-deep/issues/6

Please upgrade to either 1.3.2 or 2.0.1.

Thanks,
Paolo

-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages node-mixin-deep depends on:
ii node-for-in 1.0.2-1
ii node-is-extendable 1.0.1-1
ii nodejs 10.15.2~dfsg-2

node-mixin-deep recommends no packages.

node-mixin-deep suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: node-mixin-deep
Source-Version: 2.0.1-1

We believe that the bug you reported is fixed in the latest version of node-mixin-deep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 932...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard (supplier of updated node-mixin-deep package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 20 Jul 2019 18:00:22 +0200
Source: node-mixin-deep
Architecture: source
Version: 2.0.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Xavier Guimard
Closes: 932500
Changes:
 node-mixin-deep (2.0.1-1) unstable; urgency=medium
 .
   * Team upload
   * Bump debhelper compatibility level to 12
   * Declare compliance with policy 4.4.0
   * Add debian/gbp.conf
   * Move installed files to /usr/share/nodejs
   * New upstream version 2.0.1 (Closes: #932500, CVE-2019-10746)
   * Remove patches now included in upstream
   * Update debian/copyright