Your message dated Sun, 07 Jan 2018 12:21:09 +0000
with message-id <e1ey9wr-00036m...@fasolo.debian.org>
and subject line Bug#886451: fixed in node-marked 0.3.9+dfsg-1
has caused the Debian Bug report #886451,
regarding node-marked: CVE-2017-1000427: vulnerable to XSS attack in the data: URI parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886451: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: node-marked
Version: 0.3.6+dfsg-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for node-marked.

CVE-2017-1000427[0]:
| marked version 0.3.6 and earlier is vulnerable to an XSS attack in the
| data: URI parser.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000427
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000427
[1] https://snyk.io/vuln/npm:marked:20170112

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-marked
Source-Version: 0.3.9+dfsg-1

We believe that the bug you reported is fixed in the latest version of
node-marked, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Taylor <jtaylor.deb...@googlemail.com> (supplier of updated node-marked package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 07 Jan 2018 12:48:16 +0100
Source: node-marked
Binary: node-marked libjs-marked
Architecture: source all
Version: 0.3.9+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Julian Taylor <jtaylor.deb...@googlemail.com>
Description:
 libjs-marked - Full-featured markdown parser and compiler
 node-marked - Full-featured markdown parser and compiler for NodeJS
Closes: 886451
Changes:
 node-marked (0.3.9+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
   * Fixes CVE-2017-1000427 (Closes: #886451)
   * Bump to standard to 4.1.3:
     - Move package to section javascript and priority optional

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
