Your message dated Sun, 19 Oct 2025 13:22:43 +0000
with message-id <[email protected]>
and subject line Bug#1111769: fixed in node-sha.js 2.4.11+~2.4.0-2+deb12u1
has caused the Debian Bug report #1111769,
regarding node-sha.js: CVE-2025-9288
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1111769: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111769
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-sha.js
Version: 2.4.11+~2.4.0-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/browserify/sha.js/pull/78
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for node-sha.js.
CVE-2025-9288[0]:
| Improper Input Validation vulnerability in sha.js allows Input Data
| Manipulation.This issue affects sha.js: through 2.4.11.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9288
https://www.cve.org/CVERecord?id=CVE-2025-9288
[1] https://github.com/browserify/sha.js/pull/78
[2] https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
[3]
https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-sha.js
Source-Version: 2.4.11+~2.4.0-2+deb12u1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-sha.js, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-sha.js package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Sep 2025 22:28:50 +0200
Source: node-sha.js
Binary: node-sha.js
Architecture: source all
Version: 2.4.11+~2.4.0-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Description:
node-sha.js - Streamable SHA hashes in pure javascript
Closes: 1111769
Changes:
node-sha.js (2.4.11+~2.4.0-2+deb12u1) bookworm-security; urgency=medium
.
* Fix improper input validation vulnerability (Closes: #1111769,
CVE-2025-9288)
* Add dependencies to node-get-intrinsic, node-isarray and
node-is-typed-array
Checksums-Sha1:
077abf6cd2e72051eb6b16d719c40efc55a238fb 2546
node-sha.js_2.4.11+~2.4.0-2+deb12u1.dsc
bce682ef860b40f419d024fa08600c3b8d24bb01 1628
node-sha.js_2.4.11+~2.4.0.orig-types-sha-js.tar.gz
32e86049a278857d2242ceb430df84cec2624895 10130
node-sha.js_2.4.11+~2.4.0.orig.tar.gz
423086727e34226b982a978b5cf1a79b73e7114b 8356
node-sha.js_2.4.11+~2.4.0-2+deb12u1.debian.tar.xz
3e309bbab6ac67780723a0a0a4e8b2c68967d63f 13252
node-sha.js_2.4.11+~2.4.0-2+deb12u1_all.deb
ba55cd37160ad7c0137ce4be96f662f33a91cfd8 16191
node-sha.js_2.4.11+~2.4.0-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
f76100165b8de06cd8124f0b83f66fe8dca908455c9135d982282c800009d740 2546
node-sha.js_2.4.11+~2.4.0-2+deb12u1.dsc
783c1a296e2c3db1e38c652f0cc9541208aadbcd8fd4e95f53e5f28dbed06eb6 1628
node-sha.js_2.4.11+~2.4.0.orig-types-sha-js.tar.gz
380bc51652e4bc799d94ecce93448a157c171c786de95ac803b99019d6946182 10130
node-sha.js_2.4.11+~2.4.0.orig.tar.gz
13c70efe5cc75d5083f72632b586fe077f5f5d1b49d3b644eef46d66e23474f0 8356
node-sha.js_2.4.11+~2.4.0-2+deb12u1.debian.tar.xz
617019c9d5fb64df612433014707f081e446940fa4c21f5e0009c8f8eec68f78 13252
node-sha.js_2.4.11+~2.4.0-2+deb12u1_all.deb
d651dcabf48d41238c18753865c90f5ea63687350b78357f9ccbfbe0116cd7cf 16191
node-sha.js_2.4.11+~2.4.0-2+deb12u1_amd64.buildinfo
Files:
edea517c97cc72889e0eab6ddda61e82 2546 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb12u1.dsc
7c0e638aae5a41247a8eb1f9ee3fa99b 1628 javascript optional
node-sha.js_2.4.11+~2.4.0.orig-types-sha-js.tar.gz
e2704a4284649f1209d4a64d2c464d22 10130 javascript optional
node-sha.js_2.4.11+~2.4.0.orig.tar.gz
4462e410bf9873e8e52844750b6f5dfc 8356 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb12u1.debian.tar.xz
0a2a9589849c6341ea84a9234ed1239e 13252 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb12u1_all.deb
c77ac2d1d4c0df462ea0a2a36b43eb75 16191 javascript optional
node-sha.js_2.4.11+~2.4.0-2+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmjHJm0ACgkQ9tdMp8mZ
7ulCmw/7BEPlAhvGDS/EsFEwGieN4N4XxtP2GgdhsoZYhJLWMixi3CJvCLqjP1xJ
lxFI0OW81BY6ozaxvo/YQLzWRKfWmjiPWXOGGZnGrivrWvG1c5WBXmss6J1MKUsg
xo2sf4iJgXbtsD+6oAbu2EYiiX5caqZsZWHsZUPteOPmv9sKCSUpseF9STJhtkfs
P4K/eDrLrHU0XJG8R5s458wMrmVtcrHt69wabwJEKQ/VQqyjD1sRhpfWJaklxYxP
RpIscQMqdFSCkgWglJzPnhybY3V5TS1Gf/GpM4Xj/V6SVp3J+j0+F44NJz2yXzy3
00NnURAxXvx8ijU+nj4ceVaSMfg0epKOiyoSaUlU1doB5fOBPw357PDQA0OLzRJN
zWJeFbZzkGMJuVINYxh5q1IkEWoJQYr+V5Fxb6nNQEGEj0iX80Retl3NcZ7ge/64
4Kmig9ROd9R/kUlEP6otwEnc2P97QSGh8vnsWj1nXj0UepVSC83t1MbPum/sTYh5
SOqCUbMlbPo1oj0R7knX67vzQoP2V90HGPGm3fbKMx8Yeu8LFuLF3fwnDuYMInb1
09AxDb7e4robDsKsA+qbUTIsxTOwiTVHgc/PeeCcqMnRyVTfbHVA48YWwuJKLdZH
+dh1UHJ7aW4WOZXZO5gXg4NILTm3T14TmdLgYIMqCm0BOF+ahJA=
=iG+f
-----END PGP SIGNATURE-----
pgpBQAzLnqKuB.pgp
Description: PGP signature
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
