Re: [Pkg-javascript-devel] node-tap-mocha-reporter_3.0.6-1_amd64.changes REJECTED
On Wed, Sep 6, 2017 at 10:35 AM, Jonas Smedegaard <jo...@jones.dk> wrote: > Quoting roucaries bastien (2017-09-06 10:11:24) >> On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholz >> <ftpmas...@ftp-master.debian.org> wrote: >> > >> > Hi Bastien, >> > >> > please mention TJ Holowaychuk in your debian/copyright. >> >> Done reuploaded >> >> Will open a bug against license check, and will add a mental note > > Thanks, I will look forward to that, whatever it means. :-) > > Remember to also push the packaging git to Alioth - it seems you didn't > yet. I usually wait for ftpmaster green light. For imagemagick some file where not distributable at all > > - Jonas > > -- > * Jonas Smedegaard - idealist & Internet-arkitekt > * Tlf.: +45 40843136 Website: http://dr.jones.dk/ > > [x] quote me freely [ ] ask before reusing [ ] keep private -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] node-stack-utils_1.0.1-1_amd64.changes REJECTED
On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholzwrote: > > Hi, > > please mention Isaac Z. Schlueter in your debian/copyright. Done and reuploaded > > Thanks! > Thorsten > > > > === > > Please feel free to respond to this email if you don't understand why > your files were rejected, or if you upload new files which address our > concerns. > -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] node-clean-yaml-object_0.1.0-1_amd64.changes REJECTED
On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholzwrote: > > Hi Bastien, > > please mention Isaac Z. Schlueter in your debian/copyright. Done thanks > Thanks! > Thorsten > > > > === > > Please feel free to respond to this email if you don't understand why > your files were rejected, or if you upload new files which address our > concerns. > -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] node-tap-mocha-reporter_3.0.6-1_amd64.changes REJECTED
On Tue, Sep 5, 2017 at 11:00 PM, Thorsten Alteholzwrote: > > Hi Bastien, > > please mention TJ Holowaychuk in your debian/copyright. Done reuploaded Will open a bug against license check, and will add a mental note > Thanks! > Thorsten > > > > === > > Please feel free to respond to this email if you don't understand why > your files were rejected, or if you upload new files which address our > concerns. > -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#863481: Bug#863481: [node-concat-stream] Uninitialized Memory Exposure
I can do it but I do not know that is the best: - let 1.6 go to unstable - patch old version Could you ask release team. The debdiff between the two version is so small that I have doubt On Sat, May 27, 2017 at 6:53 PM, Ross Gammonwrote: > Hi Bastien, > > If you would like me to prepare an upload to unstable for this (& unblock > request), let me know. I have some time today & tomorrow - but travelling > with work next week. I have DM upload rights for it. > > Only asking in case you are already working on it. > > Cheers, > > Ross > > > On 05/27/2017 04:51 PM, Bastien ROUCARIÈS wrote: > > Package: node-concat-stream > Version: 1.5.1-1 > Severity: grave > Tags: patch security fixed-upstream fixed-in-experimental > X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org > forwarded: https://snyk.io/vuln/npm:concat-stream:20160901 > > Overview > > concat-stream is writable stream that concatenates strings or binary data > and > calls a callback with the result. Affected versions of the package are > vulnerable to Uninitialized Memory Exposure. > > A possible memory disclosure vulnerability exists when a value of type > number > is provided to the stringConcat() method and results in concatination of > uninitialized memory to the stream collection. > > This is a result of unobstructed use of the Buffer constructor, whose > insecure > default constructor increases the odds of memory leakage. > > > > -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] node-ripemd160_2.0.1+20172804git0cd03c4f72385-1_amd64.changes REJECTED
On Sat, Apr 29, 2017 at 11:00 AM, Chris Lambwrote: > > Copyright: 2017 FIX_ME upstream author > > .. does not match LICENSE. Oh sorry will add a lintian tag for it... Add copyright year forget the author > -- Chris Lamb Sat, 29 Apr 2017 08:12:58 + > > > > === > > Please feel free to respond to this email if you don't understand why > your files were rejected, or if you upload new files which address our > concerns. > -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
[Pkg-javascript-devel] Bug#860939: node-diffie-hellman: Please clarify security concerns
control: forwarded -1 https://github.com/crypto-browserify/diffie-hellman/issues/22 On Sat, Apr 22, 2017 at 10:32 AM, Chris Lambwrote: > Source: node-diffie-hellman > Version: 5.0.2-1 > Severity: serious > X-Debbugs-CC: Bastien Roucariès > > Hi, > > I just ACCEPTed node-diffie-hellman from NEW but thought I would > file this bug to ensure that the concerns on debian-devel were > addressed etc. > > eg. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860771#10 Thanks > > Regards, > > -- > ,''`. > : :' : Chris Lamb > `. `'` la...@debian.org / chris-lamb.co.uk >`- -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] node-date-now_1.0.1-1_amd64.changes REJECTED
On Wed, Apr 5, 2017 at 9:00 PM, Thorsten Alteholzwrote: > > Hi Bastien, > > in case colingo and raynos are not the same person, than colingo should > be also mentioned in your debian/copyright. Thanks I have openned a bug upsteam. Bastien > > Thanks! > Thorsten > > > > === > > Please feel free to respond to this email if you don't understand why > your files were rejected, or if you upload new files which address our > concerns. > -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel