)
[ Changes ]
Regex fix
Cheers,
Xavier
diff --git a/debian/changelog b/debian/changelog
index c96adf9c..240d1f4d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cyrus-imapd (3.0.8-6+deb10u5) buster; urgency=medium
+
+ * Fix cron script (Closes: #980240)
+
+ -- Xavier Guimard Sat
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: pkg-javascript-de...@lists.alioth.debian.org
Hi,
node-request is deprecated (#956423) and won't be part of Bullseye. I'd
like to see it removed from testing after node-jsdom
@@ -1,3 +1,11 @@
+node-ini (1.3.5-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Do not allow invalid hazardous string as section name
+(Closes: #977718, CVE-2020-7788)
+
+ -- Xavier Guimard Sat, 19 Dec 2020 20:48:36 +0100
+
node-ini (1.3.5-1) unstable; urgency=medium
* Team Upload
+
+ * Team upload.
+ * Fix prototype pollution (Closes: #976390, CVE-2020-7774)
+
+ -- Xavier Guimard Fri, 04 Dec 2020 15:41:08 +0100
+
node-y18n (3.2.1-2) unstable; urgency=medium
* Enable tests
diff --git a/debian/patches/CVE-2020-7774.patch
b/debian/patches/CVE-2020-7774.patch
new file
@@ -1,3 +1,11 @@
+libdbi-perl (1.642-1+deb10u2) buster; urgency=medium
+
+ [ Salvatore Bonaccorso ]
+ * t/51dbm_file.t: add test from RT#99508
+ * lib/DBD/File.pm: fix CVE-2014-10401 (Closes: #972180)
+
+ -- Xavier Guimard Thu, 29 Oct 2020 07:35:08 +0100
+
libdbi-perl (1.642-1+deb10u1) buster
-7751)
+
+ -- Xavier Guimard Mon, 26 Oct 2020 04:44:16 +0100
+
node-pathval (1.1.0-3) unstable; urgency=medium
* Point d/watch to /releases instead of /tags.
diff --git a/debian/patches/CVE-2020-7751.diff
b/debian/patches/CVE-2020-7751.diff
new file mode 100644
index 000..7d1ed9a
pollution in set() (Closes: CVE-2020-15256)
+
+ -- Xavier Guimard Thu, 22 Oct 2020 18:38:10 +0200
+
node-object-path (0.11.4-2) unstable; urgency=medium
* Update Vcs fields for migration to https://salsa.debian.org/
diff --git a/debian/patches/CVE-2020-15256.diff
b/debian/patches/CVE-2020
+ * Team upload
+ * Add localInfile option to control LOAD DATA LOCAL INFILE
+(Closes: #934712, CVE-2019-14939)
+
+ -- Xavier Guimard Mon, 14 Sep 2020 15:57:57 +0200
+
node-mysql (2.16.0-1) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2019-14939.patch
b/debi
when Perl stack is reallocated
+(Closes: CVE-2020-14392)
+
+ -- Xavier Guimard Thu, 10 Sep 2020 10:04:13 +0200
+
libdbi-perl (1.642-1) unstable; urgency=medium
[ Xavier Guimard ]
diff --git a/debian/patches/CVE-2020-14392.patch
b/debian/patches/CVE-2020-14392.patch
new file mode 100644
: #969668, CVE-2020-7729)
+
+ -- Xavier Guimard Sun, 06 Sep 2020 23:41:10 +0200
+
grunt (1.0.1-8) unstable; urgency=medium
[ Harish K ]
diff --git a/debian/patches/CVE-2020-7729.patch
b/debian/patches/CVE-2020-7729.patch
new file mode 100644
index 000..64bed12
--- /dev/null
+++ b/debian
..3bc7a59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-elliptic (6.4.1~dfsg-1+deb10u1) buster; urgency=medium
+
+ * Prevent malleability and overflows (Closes: CVE-2020-13822)
+
+ -- Xavier Guimard Tue, 01 Sep 2020 13:24:44 +0200
+
node-elliptic (6.4.1~dfsg-1) unstable
d missing test dependency: mocha
+ * Fix insufficient validation and sanitization of user input
+(Closes: CVE-2020-8124)
+
+ -- Xavier Guimard Tue, 01 Sep 2020 12:55:09 +0200
+
node-url-parse (1.2.0-2) unstable; urgency=medium
* Team upload
diff --git a/debian/control b/debian/control
+1,10 @@
+node-bl (1.1.2-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Add patch to fix over-read vulnerability (Closes: #969309, CVE-2020-8244)
+
+ -- Xavier Guimard Mon, 31 Aug 2020 10:35:09 +0200
+
node-bl (1.1.2-1) unstable; urgency=low
* Team upload.
diff --git a/debian
+ * Team upload
+ * Don't show password in logs (Closes: CVE-2020-15095)
+
+ -- Xavier Guimard Fri, 28 Aug 2020 13:36:33 +0200
+
npm (5.8.0+ds6-4+deb10u1) buster; urgency=medium
* Add patches to fix arbitrary path access
diff --git a/debian/patches/CVE-2020-15095.diff
b/debian/patches/CVE-
f7509b9..9b6d599 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-dot-prop (4.1.1-1+deb10u2) buster; urgency=medium
+
+ * Fix regression introduced in CVE-2020-8116 fix (Closes: #960283)
+
+ -- Xavier Guimard Thu, 14 May 2020 09:42:34 +0200
+
node-dot-prop (4.1.1-1
..e4b3abe17 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+lemonldap-ng (2.0.2+ds-7+deb10u4) buster; urgency=medium
+
+ * Fix nginx configuration regression introduced by CVE-2019-19791 fix
+(Closes: #960392)
+
+ -- Xavier Guimard Tue, 12 May 2020 10:59:43 +0200
+
lemonldap
/debian/patches/fix-json-parsing.diff
@@ -0,0 +1,73 @@
+Description: throw if invalid _bsontype is detected
+ Closes: CVE-2019-2391, CVE-2020-7610
+Author: Matt Broadstone
+Bug: https://snyk.io/vuln/SNYK-JS-BSON-561052
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard
+Last-Update: 2020-04-26
/changelog b/debian/changelog
index e35157d..078f2f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-knockout (3.4.2-2+deb9u1) stretch; urgency=medium
+
+ * Team upload
+ * Fix bad escaping for old MSIE (Closes: #943560, CVE-2019-14862)
+
+ -- Xavier Guimard Thu, 26
/changelog b/debian/changelog
index e35157d..078f2f8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-knockout (3.4.2-2+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Fix bad escaping for old MSIE (Closes: #943560, CVE-2019-14862)
+
+ -- Xavier Guimard Thu, 26
(Closes: CVE-2020-7608)
+
+ -- Xavier Guimard Tue, 24 Mar 2020 10:22:44 +0100
+
node-yargs-parser (11.1.1-1) unstable; urgency=medium
[ Utkarsh Gupta ]
diff --git a/debian/patches/CVE-2020-7608.diff
b/debian/patches/CVE-2020-7608.diff
new file mode 100644
index 000..262102e
--- /dev/null
: CVE-2020-8141)
+
+ -- Xavier Guimard Sat, 21 Mar 2020 09:23:57 +0100
+
node-dot (1.1.1-1) unstable; urgency=low
* Initial release (Closes: #862235)
diff --git a/debian/patches/CVE-2020-8141.diff
b/debian/patches/CVE-2020-8141.diff
new file mode 100644
index 000..f1ceb77
--- /dev/null
@@ -0,0 +1,43 @@
+Description: fix for CVE-2020-7598 (prototype pollution)
+ Import whole 1.2.5 changes
+Author: Xavier Guimard
+Bug: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
+Bug-Debian: https://bugs.debian.org/953762
+Forwarded: not-needed
+Last-Update: 2020-03-13
+
+--- a/index.js
b
(Closes: #953587, CVE-2020-5259)
+
+ -- Xavier Guimard Wed, 11 Mar 2020 06:18:23 +0100
+
dojo (1.14.2+dfsg1-1+deb10u1) buster; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2020-5258.diff
b/debian/patches/CVE-2020-5258.diff
new file mode 100644
index ..4aefd61d
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
current node-srs is not compatible with Node.js ≥ 12. Upgrade is not
possible for now since it requires an update of libgdal (and upgraded
version is not compatible with Node.js ≥ 12 too).
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
Hi,
node-nodedbi is incompatible with Node.js ≥ 12 (#953028). I'd like to
see it removed from testing (only) to permit Node.js 12 migration.
Cheers,
Xavier
: #952771, 2019, 10785)
+
+ -- Xavier Guimard Sat, 29 Feb 2020 09:07:02 +0100
+
dojo (1.15.0+dfsg1-1) unstable; urgency=medium
* New upstream version :
diff --git a/debian/patches/CVE-2019-10785.patch
b/debian/patches/CVE-2019-10785.patch
new file mode 100644
index ..67ab40f2
--- /dev/null
og b/debian/changelog
index 49f8854..a7de1f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-anymatch (2.0.0-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Minimize required dependencies (Closes: #950850)
+
+ -- Xavier Guimard Fri, 07 Feb 2020 14:16:44 +
..f7509b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-dot-prop (4.1.1-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Add fix for prototype pollution (Closes: CVE-2020-8116)
+
+ -- Xavier Guimard Thu, 06 Feb 2020 06:33:11 +0100
+
node-dot-prop (4.1.1-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Hi all,
pkg-js-tools provides a Node.js auto installer (debhelper plugin) used
by JS Team.
Prior to 0.9.26, pkg-js-tools used DEB_HOST_GNU_TYPE instead of
DEB_HOST_MULTIARCH to install
configuration
+ using the manager and automatic tests will fail if one relying party is
+ misconfigured
+
+ -- Xavier Guimard Fri, 20 Dec 2019 18:12:54 +0100
+
lemonldap-ng (2.0.0+ds-1) unstable; urgency=medium
2.0 is a major release, many things have been changed. You must read
diff
-2019-20149)
+
+ -- Xavier Guimard Fri, 17 Jan 2020 06:19:37 +0100
+
node-kind-of (6.0.2+dfsg-1) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2019-20149.diff
b/debian/patches/CVE-2019-20149.diff
new file mode 100644
index 000..0129c8e
--- /dev/null
+++ b/debian
/changelog
index b985661..95811b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-handlebars (3:4.1.0-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Disallow calling "helperMissing" and "blockHelperMissing" directly
+(Closes: CVE-2019-19919)
+
+deb10u1) buster; urgency=medium
+
+ * Add patches to fix arbitrary path access
+(Closes: CVE-2019-16775, CVE-2019-16776, CVE-2019-16777)
+
+ -- Xavier Guimard Sun, 15 Dec 2019 16:19:02 +0100
+
npm (5.8.0+ds6-4) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/CVE-2019
100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cyrus-imapd (3.0.8-6+deb10u4) buster; urgency=medium
+
+ * Add BACKUP type to cyrus-upgrade-db (Closes: #930764)
+
+ -- Xavier Guimard Sat, 21 Dec 2019 14:39:58 +0100
+
cyrus-imapd (3.0.8-6+deb10u3) buster-security; urgency=medium
on HTTP request (Closes: CVE-2019-18928)
+
+ -- Xavier Guimard Tue, 19 Nov 2019 22:21:32 +0100
+
cyrus-imapd (3.0.8-6+deb10u1) buster; urgency=medium
* Add patch to fix data loss on upgrade from versions ≤ 3.0.0
diff --git a/debian/patches/CVE-2019-18928.patch
b/debian/patches/CVE-2019-18928
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
CVE-2019-10092 patch added a regression (#941202). This patch fixes it
(taken from
point release.
Cheers,
Xavier
diff --git a/debian/changelog b/debian/changelog
index 8e0033c..ecc4273 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+cyrus-imapd (3.0.8-6+deb10u1) buster; urgency=medium
+
+ * Fix data loss (Closes: #933163)
+
+ -- Xavier Guimard Wed, 09 Oct
941354
+Forwarded: not-needed
+Reviewed-By: Xavier Guimard
+Last-Update: 2019-10-03
+
+--- a/__tests__/registries/npm-registry.js
b/__tests__/registries/npm-registry.js
+@@ -750,6 +750,30 @@
+
+ expect(npmRegistry.getRequestUrl(registry,
pathname)).toEqual('https://my.registry.co/regist
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi,
node-set-value is vulnerable to prototype pollution (#941189,
CVE-2019-10747). I imported and adapted upstream patch and added a test
inspired from CVE report [1]. I think this
)
+
+ -- Xavier Guimard Mon, 09 Sep 2019 22:16:03 +0200
+
node-mixin-deep (1.1.3-1) unstable; urgency=low
* Initial release (Closes: #842329)
diff --git a/debian/patches/CVE-2018-3719.diff
b/debian/patches/CVE-2018-3719.diff
new file mode 100644
index 000..868f5bb
--- /dev/null
+++ b
index 8162572..9d3352a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-fstream (1.0.10-1+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Clobber a Link if it's in the way of a File
+(Closes: #931408, CVE-2019-13173)
+
+ -- Xavier Guimard Sun, 01 Sep 2019 22:37
e9c9c75..a9bedaf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-ws (1.1.0+ds1.e6ddaae4-3+deb9u1) stretch; urgency=medium
+
+ * Add patch to fix upload size to a sane value
+(Closes: #927671, CVE-2016-10542)
+
+ -- Xavier Guimard Wed, 28 Aug 2019 17:25:11 +0200
/changelog
index 8162572..41fb724 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+node-fstream (1.0.10-1+deb9u1) stretch; urgency=medium
+
+ * Team upload
+ * Clobber a Link if it's in the way of a File
+(Closes: #931408, CVE-2019-13173)
+
+ -- Xavier Guimard Wed, 28 Aug
/debian/changelog
index 70f10cb..880adff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-lodash (4.17.11+dfsg-2+deb10u1) buster; urgency=medium
+
+ * Team upload
+ * Fix prototype pollution (Closes: #933079, CVE-2019-10744)
+
+ -- Xavier Guimard Tue, 13 Aug 2019 19:02
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
(please explain about the transition: impacted packages, reason, ...
for more info see: https://wiki.debian.org/Teams/ReleaseTeam/Transitions)
Hi all,
pkg-js-tools provides a
Package: release.debian.org
Severity: normal
Hi all,
For the next release, we (pkg-js team) would like to update rollup. Like
many compilers, it build-depends on itself. Current version in Buster is
0.50.0, The last published upstream is 1.17.0.
We would also like to provide a Buster-backports
index 17cb287..74f9154 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-mixin-deep (1.1.3-3+deb10u1) buster; urgency=medium
+
+ * Fix prototype pollution (Closes: #932500, CVE-2019-10746)
+
+ -- Xavier Guimard Sat, 20 Jul 2019 17:41:17 +0200
+
node-mixin-deep (1.1.3-3
ex 000..54f0167
--- /dev/null
+++ b/debian/patches/missing-operator.patch
@@ -0,0 +1,18 @@
+Description: Add missing ES6 "=>" operator
+Author: Xavier Guimard
+Bug: https://rt.cpan.org/Ticket/Display.html?id=129976
+Bug-Debian: https://bugs.debian.org/931379
+Forwarded: https://rt
) stretch; urgency=medium
+
+ * Sanitize input before passing it to exec. This embeds shell-escape little
+module (Closes: #900868, CVE-2017-16042)
+
+ -- Xavier Guimard Fri, 07 Jun 2019 12:14:09 +0200
+
node-growl (1.7.0-1) unstable; urgency=low
* Initial release (closes: #704930).
diff --git
dependency on cyrus-murder (Closes: #872238)
+
+ [ Xavier Guimard ]
+ * Add patch to fix arbitrary code execution via CalDAV
+(Closes: CVE-2019-11356)
+
+ -- Xavier Guimard Fri, 07 Jun 2019 06:41:23 +0200
+
cyrus-imapd (3.0.8-5) unstable; urgency=medium
[ Xavier Guimard ]
diff -Nru cyrus
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package node-unicode-property-value-aliases
Hi all,
due to unicode changes, node-unicode-property-value-aliases should be
updated in Buster or at least rebuilt using
in 1.9.7-3+deb9u1
+
+ -- Xavier Guimard Mon, 27 May 2019 10:35:48 +0200
+
lemonldap-ng (1.9.7-3+deb9u1) stretch-security; urgency=medium
* Add patch to fix token security (Closes: #928944, CVE-2019-12046)
diff --git a/debian/patches/CDA-regression.patch
b/debian/patches/CDA-regression.patch
(Closes: #929447)
+
+ -- Xavier Guimard Thu, 23 May 2019 20:28:45 +0200
+
node-regenerate-unicode-properties (7.0.0+ds-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/control b/debian/control
index 22119fe..ace86b4 100644
--- a/debian/control
+++ b/debian/control
..d60dcee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+acorn (5.5.3+ds3-3) unstable; urgency=medium
+
+ * Teamp upload
+ * Change unicode dependency to 12 (Closes: #929426)
+
+ -- Xavier Guimard Thu, 23 May 2019 19:49:18 +0200
+
acorn (5.5.3+ds3-2) unstable; urgency
(3.0.8-5) unstable; urgency=medium
+
+ [ Xavier Guimard ]
+ * Add upstream/metadata
+
+ [ Anthony Prades ]
+ * sieve segfault (Closes: #927142)
+
+ [ Xavier Guimard ]
+ * Fix Standards-Version to 4.3.0
+ * Add patch headers
+ * Trailing whitespaces
+ * Add myself to uploaders
+ * Add
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package cyrus-imapd
Hi all,
Buster has currently cyrus-imapd 3.0.8. Upstram last version is 3.0.9.
This version has one new little feature:
"The new ``cyrus_group`` option
ngelog
@@ -1,3 +1,9 @@
+lemonldap-ng (2.0.2+ds-7+deb10u1) unstable; urgency=high
+
+ * Fix tokens security (Closes: #928944, CVE-2019-12046)
+
+ -- Xavier Guimard Mon, 13 May 2019 21:22:34 +0200
+
lemonldap-ng (2.0.2+ds-7) unstable; urgency=medium
* Import upstream translations update
diff --git a
4.14.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Description:
Author: Xavier Guimard
Forwarded: https://github.com
VE-2019-5432)
+ * Fix debian/copyright format url
+ * Enable upstream test during build
+
+ -- Xavier Guimard Wed, 08 May 2019 19:27:08 +0200
+
node-mqtt-packet (6.0.0-1) unstable; urgency=low
* New upstream release
diff --git a/debian/control b/debian/control
index 48e32a0..079e795
h policy 4.3.0
+ * Add upstream/metadata
+ * Add patch to destroy stream on exceeding maxContentLength
+(Closes: #928624, CVE-2019-10742)
+ * Fix debian/copyright format URL
+
+ -- Xavier Guimard Tue, 07 May 2019 22:59:58 +0200
+
node-axios (0.17.1+dfsg-1) unstable; urgency=low
* I
upload
+ * Add upstream/metadata
+ * Build-depend on node-unicode-12.0.0
+ * Declare compliance with policy 4.3.0
+
+ -- Xavier Guimard Tue, 07 May 2019 18:25:20 +0200
+
node-regjsparser (0.6.0+ds-1) unstable; urgency=medium
* New upstream release.
@@ -22,9 +31,9 @@ node-regjsparser (0.4.0+ds-1)
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package node-unicode-data
Hi all,
Julien pushed a new version of node-unicode-data that fixes #927944
(FTBFS). Changes are only related to unicode-12 support.
Cheers,
-translations.diff
diff --git a/debian/patches/update-translations.diff
b/debian/patches/update-translations.diff
new file mode 100644
index 0..fdd33522f
--- /dev/null
+++ b/debian/patches/update-translations.diff
@@ -0,0 +1,1220 @@
+Description: Import upstream translation updates
+Author: Xavier
tadata
+ * Add patch to fix regexp ddos (Closes: #927715, CVE-2017-16119)
+ * Fix and enable upstream test using pkg-js-tools
+ * Fix VCS fields
+ * Fix copyright format URL
+
+ -- Xavier Guimard Thu, 25 Apr 2019 12:23:28 +0200
+
node-fresh (0.2.0-1) unstable; urgency=low
* Initial release (
ngelog
@@ -1,3 +1,13 @@
+node-js-beautify (1.7.5+dfsg-3) unstable; urgency=medium
+
+ * Team upload
+ * Add SHELL=/bin/bash in debian/rules to make build reproducible. Thanks to
+Chris Lamb (Closes: #924458)
+ * Fix install (Closes: #927868)
+ * Add test on css-beautify and html-beautify
+
+ --
s: #927466, CVE-2019-11358)
+ * Add patch to make the build reproducible. Thanks to Chris Lamb
+(Closes: #886001)
+
+ -- Xavier Guimard Tue, 23 Apr 2019 18:12:00 +0200
+
node-jquery (2.2.4+dfsg-3) unstable; urgency=medium
* Bump Standards-Version to 4.1.4 (no changes needed)
diff --gi
++ b/debian/changelog
@@ -1,3 +1,23 @@
+node-mixin-deep (1.1.3-3) unstable; urgency=medium
+
+ * Team upload
+ * Back to debhelper 9 (Buster freeze)
+
+ -- Xavier Guimard Sun, 21 Apr 2019 14:34:56 +0200
+
+node-mixin-deep (1.1.3-2) unstable; urgency=medium
+
+ * Team upload
+ * Add upstream/meta
d size to a sane value
+(Closes: #927671, CVE-2016-10542)
+
+ -- Xavier Guimard Sun, 21 Apr 2019 08:58:55 +0200
+
node-ws (1.1.0+ds1.e6ddaae4-4) unstable; urgency=medium
* Priority: optional
diff --git a/debian/control b/debian/control
index 9d70aba..52806c2 100644
--- a/debian/control
+++
..a4f80b6a
--- /dev/null
+++ b/debian/patches/SNYK-JS-JQUERY-174006.diff
@@ -0,0 +1,21 @@
+Description: Prevent Object.prototype pollution for $.extend( true, ... )
+Author: Xavier Guimard
+Origin: upstream,
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
+Bug: https
index 259a482a..ad742734 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+jquery (3.3.1~dfsg-3) unstable; urgency=medium
+
+ * Team upload
+ * Disable check-against-upstream-build test (autopkgtest) since file is now
+patched. Fixes debci
+
+ -- Xavier Guimard Fri, 19 Apr
on (Closes: #927385)
+ * Upgrade links to https
+
+ -- Xavier Guimard Thu, 18 Apr 2019 22:34:14 +0200
+
jquery (3.3.1~dfsg-1) unstable; urgency=medium
* Team upload.
diff --git a/debian/control b/debian/control
index 9564aeff..126c17ca 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,
a/debian/changelog b/debian/changelog
index 0df52d2..43d031a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-superagent (0.20.0+dfsg-1+deb9u1) stretch; urgency=medium
+
+ * Add patch to fix ZIP bomb attacks (Closes: CVE-2017-16129)
+
+ -- Xavier Guimard Thu, 18 Apr 2019
+ * Fix debian/copyright format URL
+ * Add upstream/metadata
+
+ -- Xavier Guimard Thu, 18 Apr 2019 14:22:09 +0200
+
node-superagent (0.20.0+dfsg-1) unstable; urgency=medium
* Imported Upstream version 0.20.0+dfsg
diff --git a/debian/control b/debian/control
index 8a9adb8..4207e63 100644
---
6058, CVE-2018-3774)
+ * Enable upstream tests using pkg-js-tools. This adds node-deep-eql,
+node-object-inspect and node-pathval in build dependencies
+ * Fix VCS fields
+ * Fix debian/copyright format URL
+ * Fix description (trailing whitespaces)
+ * Add upstream/metadata
+
+ -- Xavier Guim
n/changelog b/debian/changelog
index edaed62..0cb77bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+node-sshpk (1.13.1+dfsg-2) unstable; urgency=medium
+
+ * Team upload
+
+ [ Pirate Praveen ]
+ * Enable nocheck build profile
+
+ [ Xavier Guimard ]
+ * Declare complia
-tools
+ * Declare compliance with policy 4.3.0
+ * Change section to javascript
+ * Change priority to optional
+ * Fix VCS fields
+ * Fix debian/copyright format URL
+ * Add upstream/metadata
+
+ -- Xavier Guimard Mon, 15 Apr 2019 07:05:03 +0200
+
node-serve-static (1.6.4-2) unstable
/changelog b/debian/changelog
index a6a3f75..933bb5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+simile-timeline (2.3.0+dfsg1-4) unstable; urgency=medium
+
+ * Team upload
+ * Fix error in reiwa.diff patch
+
+ -- Xavier Guimard Sun, 14 Apr 2019 23:02:19 +0200
+
+simile
only 1 CPU is available (#909480)
+
+ -- Xavier Guimard Wed, 10 Apr 2019 21:24:03 +0200
+
feersum (1.406-1) unstable; urgency=medium
* debian/rules: fix Perl path in example files
diff --git a/debian/control b/debian/control
index 081e2ba..e995ca7 100644
--- a/debian/control
+++ b/debian/contro
patch to fix FTBFS (Closes: #926720). Thanks to Santiago Vila
+
+ -- Xavier Guimard Tue, 09 Apr 2019 18:54:43 +0200
+
node-miller-rabin (4.0.1-4) unstable; urgency=medium
* Team upload
diff --git a/debian/patches/fix-randomly-ftbfs.diff
b/debian/patches/fix-randomly-ftbfs.diff
new file
elds
+ * Fix debian/copyright years
+ * Add upstream/metadata
+ * Change section to javascript
+
+ -- Xavier Guimard Mon, 08 Apr 2019 14:52:06 +0200
+
node-deep-extend (0.4.1-1) unstable; urgency=medium
- * Initial release
+ * Initial release
-- Thorsten Alteholz Mon, 22 Feb 2016 18:1
Package: release.debian.org
Severity: normal
Hi all,
New Apache 2.4.39 fixes many bugs (including 5 CVEs [1]) with only 2
minor new features. Do you think it is a good idea to upgrade Apache
version in Buster or do you prefer a 2.4.38 with 2.4.39 fixes (means
2.4.39 without ~2 commits) or only
)
+
+ -- Xavier Guimard Thu, 28 Mar 2019 10:41:14 +0100
+
+lemonldap-ng (2.0.2+ds-5) unstable; urgency=medium
+
+ * Fix bad build dependency: Authen::2F::Tester instead of Authen::2F
+ * Split autopkgtests to test each library separately
+
+ -- Xavier Guimard Sat, 02 Mar 2019 13:47:29 +0100
Vcs fields for migration to https://salsa.debian.org/
+
+ [ Xavier Guimard ]
+ * Add upstream/metadata
+ * Update debian/copyright format URL
+ * Test: replace the use of deprecated "--compilers" by a test on generated
+files (fixes debci)
+ * Use debian/clean instead of an override
+
t20180416.cfc96ba0-3) unstable; urgency=medium
+
+ * Team upload
+
+ [ Xavier Guimard ]
+ * Add dh_installexamples -Xtmp/ to make build reproductible. Thanks to
+Chris Lamb (Closes: #924462)
+
+ [ Utkarsh Gupta ]
+ * Add patch to fix CVE-2019-10061 (Closes: #925571)
+
+ -- Utkarsh Gupta Wed, 27 M
+ * Update lintian-overrides
+ * Add Multi-Arch: foreign
+
+ -- Xavier Guimard Thu, 21 Mar 2019 15:52:01 +0100
+
node-jschardet (1.6.0+dfsg-1) unstable; urgency=low
* Initial release (Closes: #886228)
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 000..f5985ef
; urgency=medium
+
+ * Remove useless link to index.js (Closes: #924200)
+
+ -- Xavier Guimard Sun, 10 Mar 2019 10:51:41 +0100
+
node-log4js (4.0.2-1) unstable; urgency=medium
[ Mike Gabriel ]
diff --git a/debian/links b/debian/links
index 7d28891..78af5b4 100644
--- a/debian/links
+++ b
)
+ * Switch tests to pkg-js-tools
+ * Add libjs-prettify in dependencies (Closes: #919841)
+ * generate prettify.js links with dh_links
+
+ -- Xavier Guimard Sun, 10 Mar 2019 10:27:57 +0100
+
node-istanbul (0.4.5+ds-4) unstable; urgency=medium
* Team upload
diff --git a/debian/control b/debian
@@
+twitter-bootstrap3 (3.3.7+dfsg-2+deb9u2) UNRELEASED; urgency=medium
+
+ * Add patch to fix CVE-2019-8331: XSS in tooltip or popover
+
+ -- Xavier Guimard Thu, 21 Feb 2019 21:42:06 +0100
+
twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high
* Team upload.
diff -Nru twitter
-bootstrap3-3.3.7+dfsg/debian/changelog 2019-01-06
23:34:50.0 +0100
@@ -1,3 +1,11 @@
+twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high
+
+ * Team upload.
+ * Fix multiples XSS vulnerabilities (Closes: #907414)
+ * Update debian/copyright
+
+ -- Xavier Guimard Sun, 06
-bootstrap3-3.3.7+dfsg/debian/changelog 2019-01-06
23:34:50.0 +0100
@@ -1,3 +1,11 @@
+twitter-bootstrap3 (3.3.7+dfsg-3+deb9u1) stretch; urgency=high
+
+ * Team upload.
+ * Fix multiples XSS vulnerabilities (Closes: #907414)
+ * Update debian/copyright
+
+ -- Xavier Guimard Sun, 06
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello,
libmail-deliverystatus-bounceparser-perl contains some viruses in its tests
files (#864800). This update proposes to clean
2012-12-21 06:03:04.0 +0100
@@ -1,3 +1,10 @@
+lemonldap-ng (1.1.2-5+deb70u1) testing-proposed-updates; urgency=high
+
+ * Fix for CVE-2012-6426 (Closes: #696329)
+ * Brazilian translation (Closes: #693366)
+
+ -- Xavier Guimard x.guim...@free.fr Thu, 20 Dec 2012 06:41:50 +0100
+
lemonldap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I'm the maintainer of lemonldap-ng web-SSO. I've included en
translation, policy update and a little bug correction (cleanup sub
slows down considerably the Apache server #599688). Is it possible to
upgrade squeeze from 0.9.4.1-3 to 0.9.4.1-5
93 matches
Mail list logo