Your message dated Wed, 25 Feb 2015 15:20:21 +0000 with message-id <e1yqdl7-0004sx...@franck.debian.org> and subject line Bug#779173: fixed in libuv 0.10.28-6 has caused the Debian Bug report #779173, regarding libuv: CVE-2015-0278: incorrect revocation order while relinquishing privileges to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 779173: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779173 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libuv Version: 0.10.28-5 Severity: grave Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for libuv. CVE-2015-0278[0]: incorrect revocation order while relinquishing privileges If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0278 [1] https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c [2] https://github.com/libuv/libuv/pull/215 [3] https://groups.google.com/d/msg/libuv/0JZxwLMtsMI/jraczskYWWQJ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libuv Source-Version: 0.10.28-6 We believe that the bug you reported is fixed in the latest version of libuv, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 779...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luca Bruno <lu...@debian.org> (supplier of updated libuv package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 25 Feb 2015 10:50:58 +0100 Source: libuv Binary: libuv0.10-dev libuv0.10 libuv0.10-dbg Architecture: source Version: 0.10.28-6 Distribution: unstable Urgency: high Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org> Changed-By: Luca Bruno <lu...@debian.org> Description: libuv0.10 - asynchronous event notification library - runtime library libuv0.10-dbg - asynchronous event notification library - debugging symbols libuv0.10-dev - asynchronous event notification library - development files Closes: 779173 Changes: libuv (0.10.28-6) unstable; urgency=high . * Backported: call setgroups before calling setuid/setgid (Closes: #779173 - CVE-2015-0278) Checksums-Sha1: 310b995620da7d7a6385c2f70e49a23b1d3811df 2056 libuv_0.10.28-6.dsc 892ca2c1cb6c53ee3619af3ff1874b0e847cb4e6 8244 libuv_0.10.28-6.debian.tar.xz Checksums-Sha256: 15092c8222efffd880e4624b1e8a99e7c06624d5af52b6308a58f34fed9708b2 2056 libuv_0.10.28-6.dsc ff9231561a0ad85803a9c3887c8be843d3dd9c401440ed16dbd5479a2adf2215 8244 libuv_0.10.28-6.debian.tar.xz Files: 326861f04754625ff1b0933a451393f8 2056 libs optional libuv_0.10.28-6.dsc dca20963f37ae3c0d4f1f4c98942721b 8244 libs optional libuv_0.10.28-6.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU7djeAAoJEKmDSiJSB45OmDQQAKTkh1DHQHMt7O87m9JcoczM crC6y4Z7qHYmmd4a7TeSvM1Fa84OHdH+knRgQxb0IUCaXyQVa46FT4bH05+S8r9H haWNaNHu8QBtAwlfzwsJ9tnHzNJePTTE/irGOKLSijVWzdwcnKbbtbChwIVmhhop mz7knEQaO6Zvbdk+NjEJWmUGJ528upksvtrRnaRkLka9yDEuU/84TKY1RWIOiM68 aAlhyujszw3H+Kbc8jxURFSTwk2NnXB151LVUCxcEbG3wGuqVHCkgjYVR/i5H3/1 aMUrRM9iplkMRKofikI7i+yfjxfTaFTT6KkX6J2QNcNiObfzmtx6/Hh6NlHCDOGP AgvR4S4fO0oxKFOY/DRt63zmJw8nhPPJtAnsCYdmZJlhCfsZjVFh8BCGkEuDMd3z 25Zw91/Y10V3nCb5MGOmnJ1p3ZnebyFC17d5XHLiXcov5daNEXsqAm500z05J2Px NoezQrGqvzCiC+g5pLrqCSSVSAjc3lft53E5mqdYMmtHYSV3H9RDLoeua2KJewo4 g4XXmr+7gkFCudLfOY2vkCa9gXpAnI/M3SCPDuIl4BBmsvYvIlNpGYy0e0nH6PD4 fZre0Pbw1Xrc4XeIOtQx1Cpw9ihUqvnL9dMeRphk8NNqkAV0PiMgSOQFie/CAK6v fIMFG7SoBV1gJ5O3uP6x =yguj -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
