Your message dated Mon, 13 Oct 2025 18:20:48 +0000
with message-id <[email protected]>
and subject line Bug#1111769: fixed in node-sha.js 2.4.11+~2.4.0-2+deb13u1
has caused the Debian Bug report #1111769,
regarding node-sha.js: CVE-2025-9288
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111769
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-sha.js
Version: 2.4.11+~2.4.0-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/browserify/sha.js/pull/78
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for node-sha.js.
CVE-2025-9288[0]:
| Improper Input Validation vulnerability in sha.js allows Input Data
| Manipulation.This issue affects sha.js: through 2.4.11.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9288
https://www.cve.org/CVERecord?id=CVE-2025-9288
[1] https://github.com/browserify/sha.js/pull/78
[2] https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
[3]
https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-sha.js
Source-Version: 2.4.11+~2.4.0-2+deb13u1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-sha.js, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-sha.js package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Sep 2025 19:44:33 +0200
Source: node-sha.js
Binary: node-sha.js
Architecture: source all
Version: 2.4.11+~2.4.0-2+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Description:
node-sha.js - Streamable SHA hashes in pure javascript
Closes: 1111769
Changes:
node-sha.js (2.4.11+~2.4.0-2+deb13u1) trixie-security; urgency=medium
.
* Team upload
* Fix improper input validation vulnerability (Closes: #1111769,
CVE-2025-9288)
* Add dependencies to node-get-intrinsic, node-isarray and
node-is-typed-array
Checksums-Sha1:
93f6f2b547c04a8963125161d75db16f60e5e462 2546
node-sha.js_2.4.11+~2.4.0-2+deb13u1.dsc
bce682ef860b40f419d024fa08600c3b8d24bb01 1628
node-sha.js_2.4.11+~2.4.0.orig-types-sha-js.tar.gz
32e86049a278857d2242ceb430df84cec2624895 10130
node-sha.js_2.4.11+~2.4.0.orig.tar.gz
09a4b88fbc17b4f421e37a578f976f73848a7d48 8348
node-sha.js_2.4.11+~2.4.0-2+deb13u1.debian.tar.xz
34064195834f345653efdecdc1f97721a0760eee 13252
node-sha.js_2.4.11+~2.4.0-2+deb13u1_all.deb
ef0e109f8668946f2a018f2ed7866c55e318a48c 15580
node-sha.js_2.4.11+~2.4.0-2+deb13u1_amd64.buildinfo
Checksums-Sha256:
e795b2f39cb45f272b19cbb66dac06fc93220077f511d420560efde99add4705 2546
node-sha.js_2.4.11+~2.4.0-2+deb13u1.dsc
783c1a296e2c3db1e38c652f0cc9541208aadbcd8fd4e95f53e5f28dbed06eb6 1628
node-sha.js_2.4.11+~2.4.0.orig-types-sha-js.tar.gz
380bc51652e4bc799d94ecce93448a157c171c786de95ac803b99019d6946182 10130
node-sha.js_2.4.11+~2.4.0.orig.tar.gz
fbbae6fce786c56e1bbd65629bedc47cedd58c3212284436b595cad46198ffd2 8348
node-sha.js_2.4.11+~2.4.0-2+deb13u1.debian.tar.xz
04a5c4d0728d57bb5f26bc29093dfe8f5ae63d5047ae77257063a862513c3c92 13252
node-sha.js_2.4.11+~2.4.0-2+deb13u1_all.deb
b6b84afa36172e163d372134437c6861df4d84f55efe2cdf865e94c207b31fd9 15580
node-sha.js_2.4.11+~2.4.0-2+deb13u1_amd64.buildinfo
Files:
c0c0e492c6580225eb8c2c8c5c46eefb 2546 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb13u1.dsc
7c0e638aae5a41247a8eb1f9ee3fa99b 1628 javascript optional
node-sha.js_2.4.11+~2.4.0.orig-types-sha-js.tar.gz
e2704a4284649f1209d4a64d2c464d22 10130 javascript optional
node-sha.js_2.4.11+~2.4.0.orig.tar.gz
85b1a0dccf379d3b00b683a4241b64c2 8348 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb13u1.debian.tar.xz
9820b76beb60639f7913aba885f06ae1 13252 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb13u1_all.deb
64983131e7fbc439f74f720dac3865d6 15580 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmjHJPgACgkQ9tdMp8mZ
7ukN0g//cvb/J/+8pTEeHmysXzGCh/8ZWcOjMib2cEJBhmMDUBFQ4FbazOQg0D09
FaEX4sDWOIKWvoSKjNnpSIksYwTwD/ew/Ay1d/tG28CEkpDixg9hSh/YBZhhT0hk
5iP1iiVPfJcmcHR8Dq2RBmysP8DK8RBcr58oJwlsq01UB/SAuiKgOXFzJYf6HqGZ
OaEuWOWp1UfFf9gxsLqvVRmzGSfXkzr+Ho2tya7X0X1JFY8j1Y4j/O9yJd8pR4vC
8RIqm4vOv3ih1+GOlUbR///AP424hwtXLPrg4Jx5CJX7ZZ4pdfCdSqtsOnOzWvux
lL3ZiOlJCwmidOknY25bpM/t+ln4CFYf0KEui9Ui6Akt9cY3D0bMl42M1wHZGuGT
n5ns7gGLq1BSoRpS5i4uIdkKL2Q0Qd9ZFi4lO60OA0qTvPL1W7Meex1D4cf1ow78
K0A028uUXDrLNz9vXJ0g04GSUCLmmcyeaZAKnH831FfmlqwvOQnBkOT5XwSmv/+h
yYYxkVM6cN+yVWvFQMZ6+j1iisonJpATrydjZnUzm0VW6sCeaxibhTiQchsDeHjG
KXe7DMnPyl2ye8j+y6wrByif0dw6lWMK/N84oTH44ikHSrqLPe5XushogExelGNk
DC6PxjCbkWGqIZ/mq3/VAcSnPy2r9Q+Nhk+aFRimHlfhnb8IarA=
=7+aK
-----END PGP SIGNATURE-----
pgpDAKL0Oo5VC.pgp
Description: PGP signature
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
