Your message dated Tue, 12 Jun 2018 17:19:28 +0000
with message-id <e1fsmx6-000auz...@fasolo.debian.org>
and subject line Bug#901277: fixed in node-mime 2.3.1-1
has caused the Debian Bug report #901277,
regarding node-mime: CVE-2017-16138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
901277: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-mime
Version: 1.3.4-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/broofa/node-mime/issues/167

Hi,

The following vulnerability was published for node-mime.

CVE-2017-16138[0]:
| The mime module is vulnerable to regular expression denial of service
| when a mime lookup is performed on untrusted user input.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16138
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16138
[1] https://github.com/broofa/node-mime/issues/167
[2] https://nodesecurity.io/advisories/535

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-mime
Source-Version: 2.3.1-1

We believe that the bug you reported is fixed in the latest version of
node-mime, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 901...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated node-mime package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 11 Jun 2018 22:37:58 +0000
Source: node-mime
Binary: node-mime
Architecture: source all
Version: 2.3.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 node-mime  - library for mime-type mapping for Node.js
Closes: 901277
Changes:
 node-mime (2.3.1-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes CVE-2017-16138: regular expression denial of service
       (closes: #901277).
   * Update install location to separate directory.
   * Update support files location patch.
   * Update watch file.
   * Update Vcs-* fields to Salsa.
   * Update debhelper level to 11.
   * Update Standards-Version to 4.1.4:
     - change package priority to optional.


--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
