Re: [Pkg-javascript-devel] node-tap-mocha-reporter_3.0.6-1_amd64.changes REJECTED

[roucaries bastien]

On Wed, Sep 6, 2017 at 10:35 AM, Jonas Smedegaard <jo...@jones.dk> wrote:
> Quoting roucaries bastien (2017-09-06 10:11:24)
>> On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholz
>> <ftpmas...@ftp-master.debian.org> wrote:
>> >
>> > Hi Bastien,
>> >
>> > please mention TJ Holowaychuk in your debian/copyright.
>>
>> Done reuploaded
>>
>> Will open a bug against license check, and will add a mental note
>
> Thanks, I will look forward to that, whatever it means. :-)
>
> Remember to also push the packaging git to Alioth - it seems you didn't
> yet.

I usually wait for ftpmaster green light. For imagemagick some file
where not distributable at all

>
>  - Jonas
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] node-stack-utils_1.0.1-1_amd64.changes REJECTED

[roucaries bastien]

On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholz
 wrote:
>
> Hi,
>
> please mention Isaac Z. Schlueter in your debian/copyright.

Done and reuploaded
>
> Thanks!
>  Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] node-clean-yaml-object_0.1.0-1_amd64.changes REJECTED

[roucaries bastien]

On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholz
 wrote:
>
> Hi Bastien,
>
> please mention Isaac Z. Schlueter in your debian/copyright.
Done thanks


> Thanks!
>  Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] node-tap-mocha-reporter_3.0.6-1_amd64.changes REJECTED

[roucaries bastien]

On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholz
 wrote:
>
> Hi Bastien,
>
> please mention TJ Holowaychuk in your debian/copyright.

Done reuploaded

Will open a bug against license check, and will add a mental note

> Thanks!
>  Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#863481: Bug#863481: [node-concat-stream] Uninitialized Memory Exposure

[roucaries bastien]

I can do it but I do not know that is the best:
- let 1.6 go to unstable
- patch old version

Could you ask release team.

The debdiff between the two version is so small that I have doubt

On Sat, May 27, 2017 at 6:53 PM, Ross Gammon  wrote:
> Hi Bastien,
>
> If you would like me to prepare an upload to unstable for this (& unblock
> request), let me know. I have some time today & tomorrow - but travelling
> with work next week. I have DM upload rights for it.
>
> Only asking in case you are already working on it.
>
> Cheers,
>
> Ross
>
>
> On 05/27/2017 04:51 PM, Bastien ROUCARIÈS wrote:
>
> Package: node-concat-stream
> Version: 1.5.1-1
> Severity: grave
> Tags: patch security fixed-upstream fixed-in-experimental
> X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
> forwarded: https://snyk.io/vuln/npm:concat-stream:20160901
>
> Overview
>
> concat-stream is writable stream that concatenates strings or binary data
> and
> calls a callback with the result. Affected versions of the package are
> vulnerable to Uninitialized Memory Exposure.
>
> A possible memory disclosure vulnerability exists when a value of type
> number
> is provided to the stringConcat() method and results in concatination of
> uninitialized memory to the stream collection.
>
> This is a result of unobstructed use of the Buffer constructor, whose
> insecure
> default constructor increases the odds of memory leakage.
>
>
>
>

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] node-ripemd160_2.0.1+20172804git0cd03c4f72385-1_amd64.changes REJECTED

[roucaries bastien]

On Sat, Apr 29, 2017 at 11:00 AM, Chris Lamb
 wrote:
>
> Copyright: 2017 FIX_ME upstream author
>
> .. does not match LICENSE.

Oh sorry will add a lintian tag for it... Add copyright year forget the author

>  -- Chris Lamb   Sat, 29 Apr 2017 08:12:58 +
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#860939: node-diffie-hellman: Please clarify security concerns

[roucaries bastien]

control: forwarded -1
https://github.com/crypto-browserify/diffie-hellman/issues/22


On Sat, Apr 22, 2017 at 10:32 AM, Chris Lamb  wrote:
> Source: node-diffie-hellman
> Version: 5.0.2-1
> Severity: serious
> X-Debbugs-CC: Bastien Roucariès 
>
> Hi,
>
> I just ACCEPTed node-diffie-hellman from NEW but thought I would
> file this bug to ensure that the concerns on debian-devel were
> addressed etc.
>
> eg. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860771#10


Thanks
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] node-date-now_1.0.1-1_amd64.changes REJECTED

[roucaries bastien]

On Wed, Apr 5, 2017 at 9:00 PM, Thorsten Alteholz
 wrote:
>
> Hi Bastien,
>
> in case colingo and raynos are not the same person, than colingo should
> be also mentioned in your debian/copyright.

Thanks I have openned a bug upsteam.

Bastien
>
> Thanks!
>  Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel