Your message dated Thu, 4 Apr 2024 06:48:42 +0200 with message-id <zg4xkvqqjquxw...@eldamar.lan> and subject line [ftpmas...@ftp-master.debian.org: Accepted nodejs 18.20.1+dfsg-1 (source) into unstable] has caused the Debian Bug report #1068347, regarding nodejs: CVE-2024-27983 CVE-2024-27982 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068347 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: nodejs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for nodejs. CVE-2024-27983[0]: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982[1]: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27983 https://www.cve.org/CVERecord?id=CVE-2024-27983 [1] https://security-tracker.debian.org/tracker/CVE-2024-27982 https://www.cve.org/CVERecord?id=CVE-2024-27982 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: nodejs Source-Version: 18.20.1+dfsg-1 ----- Forwarded message from Debian FTP Masters <ftpmas...@ftp-master.debian.org> ----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 03 Apr 2024 16:50:38 +0200 Source: nodejs Architecture: source Version: 18.20.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@alioth-lists.debian.net> Changed-By: Jérémy Lal <kapo...@melix.org> Changes: nodejs (18.20.1+dfsg-1) unstable; urgency=medium . * New upstream version 18.20.1+dfsg + CVE-2024-27983: HTTP/2 server crash (High) + CVE-2024-27982: HTTP Request Smuggling (Medium) * Breaks libnode108, not 109 * copyright: remove file * Drop build/test_dns_resolveany_bad_ancount.patch, applied Checksums-Sha1: 6a1c634577a5c44ffc9a8add91de854f8d52f3c6 4359 nodejs_18.20.1+dfsg-1.dsc 2540b9b84f230689afcbf507a307d46d4ef2a411 269724 nodejs_18.20.1+dfsg.orig-ada.tar.xz fe2823889f88c0ba801ec4565b302dc987f27168 274360 nodejs_18.20.1+dfsg.orig-types-node.tar.xz 224708ebbaaada74e786059a276dca0054fabf33 29305332 nodejs_18.20.1+dfsg.orig.tar.xz 85cf8906b32eaf766c2b08690fd24be97ddc619a 163104 nodejs_18.20.1+dfsg-1.debian.tar.xz ffe31e7755d29173054a343fa72cc978878d4e8e 10916 nodejs_18.20.1+dfsg-1_source.buildinfo Checksums-Sha256: b8eeb8d2a7cc17dc772fa9f0817d8d294842eb8e3ea4cdf34cc59fd29baf768a 4359 nodejs_18.20.1+dfsg-1.dsc 0c3caa8771a2bc6ac5d32912d07383dcae8a0cf145ed6f7017cbf6b41478acd2 269724 nodejs_18.20.1+dfsg.orig-ada.tar.xz ea406dd59b86fb2ab96043231d9ff763611c0fb08d5cabbaeccad770d1b34068 274360 nodejs_18.20.1+dfsg.orig-types-node.tar.xz 558c42f89f57a56e8d1e131fb6bb0a40f1cc844e52e2393837f932c0d8c8b31b 29305332 nodejs_18.20.1+dfsg.orig.tar.xz 9213d005e8a8e4e758db1e4f3f13eb22f611ce2be1d48d558cb4558d946f7f30 163104 nodejs_18.20.1+dfsg-1.debian.tar.xz 18067729aa2e52618b01a9dc2c6bd1dfbdbb469cce8a5b8f379fb9294947fea6 10916 nodejs_18.20.1+dfsg-1_source.buildinfo Files: 0e064ee9907fcb2b19f8f6fe88215a53 4359 javascript optional nodejs_18.20.1+dfsg-1.dsc 327a080764e93ab10a593efba5b84fd3 269724 javascript optional nodejs_18.20.1+dfsg.orig-ada.tar.xz 93414acee8286f9dc2e1b649cda05b09 274360 javascript optional nodejs_18.20.1+dfsg.orig-types-node.tar.xz dae02efb441915a83486babec21c8186 29305332 javascript optional nodejs_18.20.1+dfsg.orig.tar.xz 175f3688d3380ceb1b3fe3fbf65fe59f 163104 javascript optional nodejs_18.20.1+dfsg-1.debian.tar.xz 06d37a9966050b373c0e0b13d103f9a3 10916 javascript optional nodejs_18.20.1+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmYNu8wSHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN0iF8P/jgSVspzx+1vifQxluwWLsWXJSp7jgxr f1iOvKrmf5rXb7W1FICDoa53bOd+SmIL4Lbmd066+38k90n0zKEK61hpZoA84F6C jYekdGsGNPGoJeygJjxK99+ZEUvAAsBmtOvq5l7aLAHQJskPXZSD7zRxRbvoAt9k PRPQKh7uqreV3LoJGOMHnSdxUHNroM89oSqzx73nLyvfjW4+/xWkXIf3+DBoycFr X0b9PaQmlRWH3bWdYBTb5GXMNL6qkQD41YdN4KpJd3oe17qUVBfI9+VssJuN3Gii EQ6DQni0E4nPw9AmDG9nACjbqq1QOfWiJRmCZ6bHtPxRrTdaFUJeIhxymBqFq6V+ u4hGTgLJno2HQJ/8dPNIK2cYI/NbSRhBSIx62OPvyAEeSLAUJ9coDvoZ5/euazwS YFxlLnp0+/FqwXR2LWAw+Za5SNdSPoTbbYyE93yxBtTFBAhq7XIIf2IoEkgLkV+z 7jYXn+DGUFnthHz1e4XAfrIHagMn/hfYgyrpzp37UyLRhY2Rk3t8/Brt44lcE001 rREGxh8QYR7ECimOdpobzoXk4JbmFf2VlvYxl7mVTzRsTeuBHaHX1VH+Dy4qLGfK vuUBF7bjIeMCkCXrahu3kW3DFsWopqcmAGIOk/mA4iQsDvMzk7hfqNqdI/JbMPPu jGMuZfAIvxbk =8Xn2 -----END PGP SIGNATURE----- ----- End forwarded message -----
--- End Message ---
