Your message dated Sat, 13 Mar 2021 17:17:13 +0000
with message-id <e1ll7t3-0006me...@fasolo.debian.org>
and subject line Bug#979364: fixed in nodejs 10.23.1~dfsg-1~deb10u1
has caused the Debian Bug report #979364,
regarding nodejs: CVE-2020-8265 CVE-2020-8287
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
979364: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979364
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 12.19.0~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 10.21.0~dfsg-1~deb10u1
Control: found -1 14.13.0~dfsg-1

Hi,

The following vulnerabilities were published for nodejs.

CVE-2020-8265[0]:
| nodejs: use-after-free in TLSWrap

CVE-2020-8287[1]:
| nodejs: HTTP Request Smuggling

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-8265
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265
[1] https://security-tracker.debian.org/tracker/CVE-2020-8287
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8287

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 10.23.1~dfsg-1~deb10u1
Done: Jérémy Lal <kapo...@melix.org>

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jan 2021 21:29:29 +0100
Source: nodejs
Binary: libnode-dev libnode64 libnode64-dbgsym nodejs nodejs-dbgsym nodejs-doc
Architecture: source amd64 all
Version: 10.23.1~dfsg-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode64  - evented I/O for V8 javascript - runtime library
 nodejs     - evented I/O for V8 javascript - runtime executable
 nodejs-doc - API documentation for Node.js, the javascript platform
Closes: 979364
Changes:
 nodejs (10.23.1~dfsg-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream version 10.23.1~dfsg. Closes: #979364.
     Fixed vulnerabilities:
     + CVE-2020-8265: use-after-free in TLSWrap (High)
     + CVE-2020-8287: HTTP Request Smuggling (Low)
 .
 nodejs (10.22.1~dfsg-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream version 10.22.1~dfsg
     Vulnerabilities fixed:
     + CVE-2020-8252
       fs.realpath.native on may cause buffer overflow (Medium)
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
