Your message dated Wed, 14 Jan 2026 17:08:16 +0000
with message-id <[email protected]>
and subject line Bug#1123669: fixed in node-nodemailer 7.0.12+~7.0.5-1
has caused the Debian Bug report #1123669,
regarding node-nodemailer: CVE-2025-14874
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123669: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123669
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-nodemailer
Version: 7.0.10+~7.0.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for node-nodemailer.
CVE-2025-14874[0]:
| A flaw was found in Nodemailer. This vulnerability allows a denial
| of service (DoS) via a crafted email address header that triggers
| infinite recursion in the address parser.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-14874
https://www.cve.org/CVERecord?id=CVE-2025-14874
[1]
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
[2]
https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-nodemailer
Source-Version: 7.0.12+~7.0.5-1
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-nodemailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated node-nodemailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Jan 2026 17:38:48 +0100
Source: node-nodemailer
Architecture: source
Version: 7.0.12+~7.0.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1123669
Changes:
node-nodemailer (7.0.12+~7.0.5-1) unstable; urgency=medium
.
* Declare compliance with policy 4.7.3
* New upstream release (Closes: #1123669, CVE-2025-14874)
* Update lintian overrides
* Update test modules
Checksums-Sha1:
9b0275c5f80bc9e5ef3f9a229e9eaf0dbf746e89 2667
node-nodemailer_7.0.12+~7.0.5-1.dsc
4109582cf0680a1a69457f66adabb9540c4dd19a 20144
node-nodemailer_7.0.12+~7.0.5.orig-types-nodemailer.tar.gz
b4fd555028d29984b8a5fdd034c5e332f615655b 8627286
node-nodemailer_7.0.12+~7.0.5.orig.tar.gz
135e5d2788168c717519534f73fed086178a54c6 113120
node-nodemailer_7.0.12+~7.0.5-1.debian.tar.xz
Checksums-Sha256:
7a6123594f17491422f8bcd4d864883f07196f75f124bd0ef614c0d82c67de31 2667
node-nodemailer_7.0.12+~7.0.5-1.dsc
9475ea791b2689b8156027df836f19509de10c32474a7dbb9fcf8974e9724355 20144
node-nodemailer_7.0.12+~7.0.5.orig-types-nodemailer.tar.gz
f736f37fe3bae0d613dd8992f61ed3faf2f8c443c14325611054ba9f00118f69 8627286
node-nodemailer_7.0.12+~7.0.5.orig.tar.gz
6f824e03c0ec613cb85b96fd9e58ba9a97221053ec9cd540c583b5542085b67c 113120
node-nodemailer_7.0.12+~7.0.5-1.debian.tar.xz
Files:
525eec84da40e6eb2817e3078e4dd818 2667 javascript optional
node-nodemailer_7.0.12+~7.0.5-1.dsc
c503000ddc196eb4a8260890ea5aee1c 20144 javascript optional
node-nodemailer_7.0.12+~7.0.5.orig-types-nodemailer.tar.gz
60de30898dff51c03c1d5c05a6c41cc0 8627286 javascript optional
node-nodemailer_7.0.12+~7.0.5.orig.tar.gz
40ea6d2dac18ed13b3be890e87af0ddc 113120 javascript optional
node-nodemailer_7.0.12+~7.0.5-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmlnyBQACgkQ9tdMp8mZ
7ulDuw/9EiBH0BZn+Kzu0Y9E2cmAoDqjZXoOlzEcqU1xnSzUK+2Xt5bWJxG7wN9/
NTK/W1LpT/vZgL4WKRRe/qP+a8v7wAqU55d26m+jg8t+SYUbez2ob4LMxxscCilS
n3c48D8vetkSXTsmYpEOlN56KqHYyt9ruTVeHVELwJCKXc26MnIcDYstQ6BRj0uW
KAbAPPdaiYt5ze49/hst4wgwQlSyw40c/mE6Ux69A6LWRCenPwtHdqRwGVByx9+J
lrvXXfKJKeZWI/19zk7gcTQb2TFdv998Lwpw/2YtQ9tLeb5OK7+ytihgI7gM/mSj
EcZyGswllEfFEnLy+ZxOennotUXRMvdzSly2B3TQ4EuHmvUE+9aqI8YQBXAOeJHx
sGrH1fbtYyOhyyp0kAuYCi6ugM5rFuXlrWMObiSu3mEvb3iCtYdLB/yE0gmPGsZr
Ymyo8EgNsSv4rzwETf3SOD3QOOeW2WBnzW6v/eGt/Ldq4Lrd6iyAQAsZxEMIKzgI
uT7aN+vSv+uB8PNOSrD6LfMrBaOp1Ao0CM+7SB0cqNyqT8vhKqpS/cY8Ea16wZWD
yFl5hepzwU731uH1VY5sKMsXlCEpTHScAY+uaFB5jh8HauxyDmLtit+AW3ushiD0
kucVw3NFnF8H5BSQKII+Z52S+dK6ecu7VKg9/JLrgo8kvL0K/ds=
=bxSB
-----END PGP SIGNATURE-----
pgpgZW3_Y9MOU.pgp
Description: PGP signature
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
