Your message dated Sun, 14 Sep 2025 17:05:08 +0000
with message-id <[email protected]>
and subject line Bug#1111769: fixed in node-sha.js 2.4.12+~3.0.5-1
has caused the Debian Bug report #1111769,
regarding node-sha.js: CVE-2025-9288
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1111769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111769
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-sha.js
Version: 2.4.11+~2.4.0-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/browserify/sha.js/pull/78
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for node-sha.js.

CVE-2025-9288[0]:
| Improper Input Validation vulnerability in sha.js allows Input Data
| Manipulation. This issue affects sha.js: through 2.4.11.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-9288
    https://www.cve.org/CVERecord?id=CVE-2025-9288
[1] https://github.com/browserify/sha.js/pull/78
[2] https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
[3] https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: node-sha.js
Source-Version: 2.4.12+~3.0.5-1
Done: Yadd <[email protected]>

We believe that the bug you reported is fixed in the latest version of
node-sha.js, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-sha.js package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Sep 2025 18:39:06 +0200
Source: node-sha.js
Architecture: source
Version: 2.4.12+~3.0.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1111769
Changes:
 node-sha.js (2.4.12+~3.0.5-1) unstable; urgency=medium
 .
   * Team upload
   * Declare compliance with policy 4.7.2
   * debian/watch version 5
   * New upstream release (Closes: #1111769, CVE-2025-9288)
   * Refresh patches
   * Depends on new node-to-buffer

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
-- 
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel