Your message dated Sun, 18 Feb 2024 18:07:32 +0000
with message-id <e1rblzc-008fdg...@fasolo.debian.org>
and subject line Bug#1059168: fixed in nodejs 18.19.1+dfsg-1
has caused the Debian Bug report #1059168,
regarding flaky autopkgtest
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1059168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059168
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zlib
Version: 1:1.2.13.dfsg-3
Severity: serious
Control: close -1 1:1.3.dfsg-3
Tags: sid trixie
User: release.debian....@packages.debian.org
Usertags: out-of-sync
Control: affects -1 src:burp src:dolfin src:nodejs
Control: block -1 by 1057880
Dear maintainer(s),
The Release Team considers packages that are out-of-sync between testing
and unstable for more than 30 days as having a Release Critical bug in
testing [1]. Your package src:zlib has been trying to migrate for 32
days [2]. Hence, I am filing this bug. The version in unstable triggers
autopkgtest failures in multiple packages (although I suspect that the
current dolfin issues are due to it being flaky). The failure for burp
has already a bug report against that package, which leaves nodejs on i386.
If a package is out of sync between unstable and testing for a longer
period, this usually means that bugs in the package in testing cannot be
fixed via unstable. Additionally, blocked packages can have impact on
other packages, which makes preparing for the release more difficult.
Finally, it often exposes issues with the package and/or
its (reverse-)dependencies. We expect maintainers to fix issues that
hamper the migration of their package in a timely manner.
This bug will trigger auto-removal when appropriate. As with all new
bugs, there will be at least 30 days before the package is auto-removed.
I have immediately closed this bug with the version in unstable, so if
that version or a later version migrates, this bug will no longer affect
testing. I have also tagged this bug to only affect sid and trixie, so
it doesn't affect (old-)stable.
If you believe your package is unable to migrate to testing due to
issues beyond your control, don't hesitate to contact the Release Team.
Paul
[1] https://lists.debian.org/debian-devel-announce/2023/06/msg00001.html
[2] https://qa.debian.org/excuses.php?package=zlib
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 18.19.1+dfsg-1
Done: Jérémy Lal <kapo...@melix.org>
We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1059...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérémy Lal <kapo...@melix.org> (supplier of updated nodejs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Feb 2024 18:12:23 +0100
Source: nodejs
Architecture: source
Version: 18.19.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<pkg-javascript-de...@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapo...@melix.org>
Closes: 1059168 1064055
Changes:
nodejs (18.19.1+dfsg-1) unstable; urgency=medium
.
* New upstream version 18.19.1. Closes: 1064055.
+ CVE-2024-21892 (High)
Code injection and privilege escalation through Linux capabilities
+ CVE-2024-22019 (High)
Reading unprocessed HTTP request with unbounded chunk
extension allows DoS attacks
+ CVE-2023-46809 (Medium)
Marvin Attack vulnerability against PKCS#1 v1.5 padding
* new architecture: loong64, thanks to Shi Pujin
* patch:
+ let loong64 have some failing tests
+ more doc for localhost-no-addrconfig
+ allow test-debugger-heap-profiler to fail. Closes: #1059168
+ disable zlib embedding in v8, disable snapshot compression
* override lintian source warning for zlib brotli test string
* fix boostrapping of nodejs package:
+ update README.source
+ nodoc: disable bash completion output
+ patch: disable shared builtins when flag
node-builtin-modules-path is used
* include permission headers in libnode-dev
* B-D pkg-config becomes pkgconf
Checksums-Sha1:
0d0de63a10ea082a473f677af1b9a6be2b066337 4356 nodejs_18.19.1+dfsg-1.dsc
2540b9b84f230689afcbf507a307d46d4ef2a411 269724
nodejs_18.19.1+dfsg.orig-ada.tar.xz
4cad22f4545483163b468271d06f425b15f1dcf0 267236
nodejs_18.19.1+dfsg.orig-types-node.tar.xz
c2d954a215b417e858e4750e687ef180333790a9 28802788
nodejs_18.19.1+dfsg.orig.tar.xz
2f4699c23c652a71ae581b2b187756cb5c1fbd8b 163300
nodejs_18.19.1+dfsg-1.debian.tar.xz
3451db4d91e2c65cf28d19c0f87495368ea19621 10959
nodejs_18.19.1+dfsg-1_source.buildinfo
Checksums-Sha256:
7c5c6b0b6916f1be0abd263ba06fbfa5328dd4d5a4760bd20e1c6ba9b9daf481 4356
nodejs_18.19.1+dfsg-1.dsc
0c3caa8771a2bc6ac5d32912d07383dcae8a0cf145ed6f7017cbf6b41478acd2 269724
nodejs_18.19.1+dfsg.orig-ada.tar.xz
5bd8293f0adfb7bc744e3071bdbd184fd02f973931396ba816ff61514ecd62a9 267236
nodejs_18.19.1+dfsg.orig-types-node.tar.xz
85e2a8604269306984d0c7cc3cdc028dc654d9a60c42a0e059e0104430732c61 28802788
nodejs_18.19.1+dfsg.orig.tar.xz
fefe4bf79bb4b41e12907e2714d868a660df900a56453f48f60927ee189c6b13 163300
nodejs_18.19.1+dfsg-1.debian.tar.xz
0720d16be5186b44d49515226ed9bfc92471bfeb0d48b5bc525d2aaf6d0cd197 10959
nodejs_18.19.1+dfsg-1_source.buildinfo
Files:
37afa2914e24e18a5282cb08d8b6ebe9 4356 javascript optional
nodejs_18.19.1+dfsg-1.dsc
327a080764e93ab10a593efba5b84fd3 269724 javascript optional
nodejs_18.19.1+dfsg.orig-ada.tar.xz
8cabd2aa436c05f698a17368826a8645 267236 javascript optional
nodejs_18.19.1+dfsg.orig-types-node.tar.xz
275b47ffe6863d3d98cda579aacea9ca 28802788 javascript optional
nodejs_18.19.1+dfsg.orig.tar.xz
9da9e0d945e8f74fad9bd4c29a9268a3 163300 javascript optional
nodejs_18.19.1+dfsg-1.debian.tar.xz
0c1e17b2f5b5d3df67a160bacd739fea 10959 javascript optional
nodejs_18.19.1+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmXSQmsSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN08GAP/0PFaphVoQJE3bnGvgKxBHk3T7ldx8Ta
1jlMZ4E8HGeDkgFpl0nu3NmnFTSkt7NGWypUbq23KbYCGjNvr+n2I+O4ntnsAAPH
co/FhcYw+SvAIUt6nMldr8N6e8U7N9i64lEdDwUN+Ry/rrdYJqpX9xDOu0N2VNZ3
m9X/Q5JE/NMgv5wRTRdnMfdUVN7QCqvx7rs4N2W9VXsPWTqHNMtbwV2wqVxPmYBH
YQlL/LRfQkEscZBfQopOTHMJyWLFRHko8+AR+/Gh8J4VnPqH2Ej9rLgqgjFWFt5m
mNHfmstZk2QVhIRkXvg0fsdkPIFBKTwyfVTbAc6lR/viJPG7KyfqS36qBm0BLiBt
rP2UHy/I21hV9bgkebB+kXYkWT8GhtQ6VthhcLhP3lXkyj7ElyQxOG1CcQFbFXEK
yWp4JFhGRdHHuoSAlvOd3MeaMaZo59PdOGE3JQ1ogTmBn/F6iPWiqkyyQ6ovd/yz
olp0CaQq17X8BRs2R3PxLPQLa9BkgBPASVH/4VZZGALqBYBN3T8R5uf36/Ps43X0
cpBZONFM64oXv+/I8sGqvrrJxZzDWtGokUuttEoOawYOKtlMbAIzpomaP0PV1HY3
uaSxijm+4JxVO/E1wudoRLSc8JRKTk845+iYCo/x2VSNgwKYFduy6fFgKcX4exBC
q5ZjeQbicfqY
=ETPI
-----END PGP SIGNATURE-----
pgpjh5dhD2IP_.pgp
Description: PGP signature
--- End Message ---
