Your message dated Fri, 12 Jun 2020 09:32:09 +0000
with message-id <e1jjg2j-000cix...@fasolo.debian.org>
and subject line Bug#962145: fixed in nodejs 10.21.0~dfsg-1~deb10u1
has caused the Debian Bug report #962145,
regarding nodejs: CVE-2020-11080 CVE-2020-8172 CVE-2020-8174 (June 2020 
security release)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
962145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nodejs
Version: 10.20.1~dfsg-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 10.19.0~dfsg1-1

Hi,

The following vulnerabilities were published for nodejs.

CVE-2020-11080[0]:
HTTP/2 Large Settings Frame DoS

CVE-2020-8172[1]:
TLS session reuse can lead to host certificate verification bypass

CVE-2020-8174[2]:
napi_get_value_string_*() allows various kinds of memory corruption

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11080
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
[1] https://security-tracker.debian.org/tracker/CVE-2020-8172
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8172
[2] https://security-tracker.debian.org/tracker/CVE-2020-8174
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174
[3] https://nodejs.org/en/blog/vulnerability/june-2020-security-releases

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 10.21.0~dfsg-1~deb10u1
Done: Jérémy Lal <kapo...@melix.org>

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 962...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Thu, 04 Jun 2020 02:35:16 +0200
Source: nodejs
Architecture: source
Version: 10.21.0~dfsg-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapo...@melix.org>
Closes: 962145
Changes:
 nodejs (10.21.0~dfsg-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream version 10.21.0~dfsg. Closes: #962145.
   * Security fixes:
     + CVE-2020-11080
     + CVE-2020-8172
     + CVE-2020-8174


--- End Message ---
