Bug#990561: marked as done (libuv1: CVE-2021-22918)

[Debian Bug Tracking System]

Your message dated Sun, 04 Jul 2021 08:16:49 +0000
with message-id <e1lzxj3-0005ju...@fasolo.debian.org>
and subject line Bug#990561: fixed in libuv1 1.40.0-2
has caused the Debian Bug report #990561,
regarding libuv1: CVE-2021-22918
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
990561: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990561
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libuv1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,
the latest nodejs security release included an issue in libuv:
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

The patch hasn't landed in libuv.git, but here's the patch as applied
by nodejs:
https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-22918
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

Source: libuv1
Source-Version: 1.40.0-2
Done: Dominique Dumont <d...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libuv1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominique Dumont <d...@debian.org> (supplier of updated libuv1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jul 2021 09:43:38 +0200
Source: libuv1
Architecture: source
Version: 1.40.0-2
Distribution: unstable
Urgency: medium
Maintainer: Dominique Dumont <d...@debian.org>
Changed-By: Dominique Dumont <d...@debian.org>
Closes: 990561
Changes:
 libuv1 (1.40.0-2) unstable; urgency=medium
 .
   * add patch for CVE-2021-22918 (Closes: #990561)
Checksums-Sha1:
 bef65c1905b17ce2c38945be3e871463ca133a00 1997 libuv1_1.40.0-2.dsc
 1c5ec7416007a789fee14c8dece281485cdf733d 23904 libuv1_1.40.0-2.debian.tar.xz
 c02a0916576e0c90dd8b287e0452df438f56f718 6906 libuv1_1.40.0-2_source.buildinfo
Checksums-Sha256:
 474cc846bbc36e68da06539d57a0f26b890fc113e9598a45e8aa6230877c7ce7 1997 
libuv1_1.40.0-2.dsc
 cf4ec6b8d02e5eaece8a93636599935e2b3cc242df1976bfc24453816e50755f 23904 
libuv1_1.40.0-2.debian.tar.xz
 6ff8f2049f5b015cc0eb90758adcf24980e4914e580c62ecaa4cea3fd4483ad8 6906 
libuv1_1.40.0-2_source.buildinfo
Files:
 1cdcbba5aa763c49eb37861407509bef 1997 libs optional libuv1_1.40.0-2.dsc
 66213e34d996de29ec5ddfcdd72b331a 23904 libs optional 
libuv1_1.40.0-2.debian.tar.xz
 fa415efc26fb8eb1bcf02779c4bbfcd5 6906 libs optional 
libuv1_1.40.0-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEn3I5/LZk8Qsz6dwDwx9P2UmrK2wFAmDhZyAACgkQwx9P2Umr
K2zU0A/+KqbUMLG5znDqI85XpYb9dK/bAt1IcuSdWxCOosRyZuKERwwS+zOcONrs
WlfSQhX6F797Y9RvkLq/a38SZukbu1TAv2cocOrX5RVBda6h5AjXF7/0/TbBMYVz
vDhQwsmfrKLJqP5A5eXYqQBts9rJjSNoD3hcnOb0JLFy0oNyv7mSU601iMx3Xmri
lCpbopdi/Ezf29/cNXBFIve5SwCe2L6PGl/QRdQ4YxRrjP8KHIex37BUZ+gPhe5O
uqY/8hwUBr1cvfhQu8TN6ios47tKni/9emZgOByRq5d5JEHOLYph2SKGjVegOPoI
fnEp2A7sbd5i6kXr02k72qqsqFV4Du7N4PNQgp3WDiYaxOL7OwypgLZtKMUnW10a
Ma9CF7fjxEMuxE8bwW9qFJ6OhBHoMuyxMYCgYHw98nJMaaYINW3xA+q+V9WnpVdW
Q++UVVOn5lxu5rmE16SszyLXC4jhF8QoI9vQsCygSIc+XjsWwqj2lnKtTKdDpyrz
+DXOD1PKoKNYyRobSZwstuJ4bruIn5+XXyvBRASOC1o6gmGAzUTP2NXJbEhu3Z7+
h+6s9BNvTdIoUEz9StGw/+px8qRZM0k+HJ42LrTAIY5myDSzlWOThkSkdDQfMrVX
AXS+xWDy+5brA2pB/mItRbZwaqZxR3aphPEEH77ufIN84paGaSc=
=tNsH
-----END PGP SIGNATURE-----

--- End Message ---