Your message dated Mon, 05 Oct 2015 21:24:45 +0000
with message-id <e1zjdfv-00046z...@franck.debian.org>
and subject line Bug#800580: fixed in nodejs 4.1.1~dfsg-3
has caused the Debian Bug report #800580,
regarding nodejs: CVE-2015-7384: HTTP Denial of Service Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
800580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800580
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 4.1.1~dfsg-2
Severity: important
Tags: security upstream
Hi,
the following CVE was published for nodejs on [0], but details and
patches will by available on Monday the 5th of October 2015. But
accordidng to upstrema 4.1.1 is affected, so filling this bug already.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 4.1.1~dfsg-3
We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 800...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Oct 2015 22:31:38 +0200
Source: nodejs
Binary: nodejs-dev nodejs nodejs-dbg nodejs-legacy
Architecture: source amd64 all
Version: 4.1.1~dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers
<pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description:
nodejs - evented I/O for V8 javascript
nodejs-dbg - evented I/O for V8 javascript (debug)
nodejs-dev - evented I/O for V8 javascript (development files)
nodejs-legacy - evented I/O for V8 javascript (legacy symlink)
Closes: 800580
Changes:
nodejs (4.1.1~dfsg-3) unstable; urgency=high
.
* Security fix for CVE-2015-7384 (Closes: #800580)
* Forward 2014_donotinclude_root_certs.patch
Checksums-Sha1:
b4effc0349a1a3407ce3851fcf24aee4cbcecc38 2336 nodejs_4.1.1~dfsg-3.dsc
095c064b4946affe5ab79a26ede29b44a19d3fad 56424
nodejs_4.1.1~dfsg-3.debian.tar.xz
50c1836053cf75f3c0e18a10d4c6d461d922d26d 48829264
nodejs-dbg_4.1.1~dfsg-3_amd64.deb
16de35935197f1e657151517c71bb809a36ad1f3 428892
nodejs-dev_4.1.1~dfsg-3_amd64.deb
c2e74b70bfc7d4ae12a884d28e2d4ac89a1619c6 183966
nodejs-legacy_4.1.1~dfsg-3_all.deb
ab115174eece3235e2603f3115531c9edfc0dc50 3194256 nodejs_4.1.1~dfsg-3_amd64.deb
Checksums-Sha256:
ffbe13e6c9addc9942f2cd8bfc20bfcbc83f8b7120eaffbe55dd8f47e1edf34d 2336
nodejs_4.1.1~dfsg-3.dsc
b331634bc6fd069315a8219abe570f5e1984ac0562e8141d12062d4df2781145 56424
nodejs_4.1.1~dfsg-3.debian.tar.xz
2e067a24dc78288231c5053c350f66252b67852f31391db89030725542f112e7 48829264
nodejs-dbg_4.1.1~dfsg-3_amd64.deb
ba40f00010945ab92c62f660f115f1ce7fa1c854650362b1102b5e82b2e0ebb7 428892
nodejs-dev_4.1.1~dfsg-3_amd64.deb
2ba6af20aca9406f13cee2db848e24b7f96f6e24db4e8e1597048275d94e8f04 183966
nodejs-legacy_4.1.1~dfsg-3_all.deb
8fc1c3e8101fd1efff8d0d9effbd3b471943b1b723936f67ad220a9f5f472951 3194256
nodejs_4.1.1~dfsg-3_amd64.deb
Files:
fe6368866a3abf7f49a7e595d3bca81a 2336 web - nodejs_4.1.1~dfsg-3.dsc
ac424b38e9da2faacbbaece873e0e186 56424 web - nodejs_4.1.1~dfsg-3.debian.tar.xz
df8344a79193dfd573e4cce432188732 48829264 debug extra
nodejs-dbg_4.1.1~dfsg-3_amd64.deb
71a19267ad9522dfe7604497715cf41a 428892 devel extra
nodejs-dev_4.1.1~dfsg-3_amd64.deb
e1cf0dbb72b0289fcc84b45954594538 183966 web extra
nodejs-legacy_4.1.1~dfsg-3_all.deb
01aa5958114e2020b782407771df00c6 3194256 web optional
nodejs_4.1.1~dfsg-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWEubkAAoJEGYRwF7dOfN0xZwQALy8yz0AK8vYiSjQ6wyW6FCE
QDrxBesm7eE+4//ttpHgyOHP1WJytYK+a+SDPlIdKBTiSHyGq+Agzz/QwNcYagf7
8gmb157FXWTCOWMhJiScRcirwcxawoDLq3tOR/x9O97MApxgjFcihJbYP5tniIk1
bPWax2WbwTGPY1pV6G6GXImIomOGRWLjQwtlZgDpZtYK3zug7p2AHq9GYgfEK03A
72D3R83Tj82bC6/afUtDY1f/6Gemdi0Er1prrT5RhSWEA41XWKv3GTfAmUkwcyWe
/HNX5odRpvg9mBX+Zr7LXvA8kVGqYIs5X7RKo6bFaQoPEZEGaBC+YJWQ+xG0mZCm
eAU0ack5cEMKLmIKBniOX5Prpnot6/pyLmD0fzVdcJCMQHnXDj3ZHFktf3N2f0Yf
ayxeh/UvX2zXmON4OW/eedjgc/GDVTu67kjRPMkAj56jDIVsNQ2ElOc2lt04tJrR
9oMrPvSIWSE48ZQohKF8VtbY0c2fnYWVLD7R4rtyLQa9sRx41QiJ/+BgMBY2nUe3
k7gABdsyRlYe0wXY1TSmMPdNr85p5lVwIGZ3xn0VSj/IzBtcIGmYqnAf0qfTOTTu
ib3fii58qs46FPLshzhiC7yjBCyIyW8kq/PU+2Bl7lAj7ua9uK9p2V5wUbwRZ2a/
URvYz0RZOhWgEbuHhXoL
=z//5
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
