Your message dated Sat, 16 May 2026 14:34:50 +0000
with message-id <[email protected]>
and subject line Bug#1136804: fixed in node-ws 8.20.1+~cs14.19.1-1
has caused the Debian Bug report #1136804,
regarding node-ws: CVE-2026-45736
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1136804: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136804
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: node-ws
Version: 8.19.0+~cs14.19.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for node-ws.
CVE-2026-45736[0]:
| ws is an open source WebSocket client and server for Node.js. Prior
| to 8.20.1, the websocket.close() implementation is vulnerable to
| uninitialized memory disclosure when a TypedArray is passed as the
| reason argument. This vulnerability is fixed in 8.20.1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-45736
https://www.cve.org/CVERecord?id=CVE-2026-45736
[1] https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx
[2]
https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: node-ws
Source-Version: 8.20.1+~cs14.19.1-1
Done: Xavier Guimard <[email protected]>
We believe that the bug you reported is fixed in the latest version of
node-ws, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <[email protected]> (supplier of updated node-ws package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 16 May 2026 16:18:00 +0200
Source: node-ws
Architecture: source
Version: 8.20.1+~cs14.19.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Xavier Guimard <[email protected]>
Closes: 1136804
Changes:
node-ws (8.20.1+~cs14.19.1-1) unstable; urgency=medium
.
* Team upload
* Declare compliance with policy 4.7.4
* Drop "Priority: optional"
* Apply multiarch hints from UDD
* Team upload
* New upstream version (Closes: #1136804, CVE-2026-45736)
Checksums-Sha1:
60439bca6ab8f5f4dad0c550f80519b8af431081 2925 node-ws_8.20.1+~cs14.19.1-1.dsc
48464e4bf2ddfd17db13d845467f6070ffea4aa9 6013
node-ws_8.20.1+~cs14.19.1.orig-types-ws.tar.gz
4e0d6933802ccb18f663fd109c9e93a035859add 5016
node-ws_8.20.1+~cs14.19.1.orig-wscat.tar.gz
58bb7b355b1652630dc35af0ea608420b5c01846 87393
node-ws_8.20.1+~cs14.19.1.orig.tar.gz
bd9ba2de14d6947ad3ace1676eae292f6bdc1898 5396
node-ws_8.20.1+~cs14.19.1-1.debian.tar.xz
Checksums-Sha256:
a56a043126d6f61f9785a1ba991e34a02570e8db3e9eceda71a65e433c0bbcb3 2925
node-ws_8.20.1+~cs14.19.1-1.dsc
dc2763952a24bf15dc920830a2d2884c23bccc08a853e8556e34771401254fa5 6013
node-ws_8.20.1+~cs14.19.1.orig-types-ws.tar.gz
a779225d92fcceade8db9831b0f9f0830b2b20216e79f5fd303941817a267fe4 5016
node-ws_8.20.1+~cs14.19.1.orig-wscat.tar.gz
0919ccb48fa081afc291cf2a1b75995714d514470827f34f5197ba9579b1d098 87393
node-ws_8.20.1+~cs14.19.1.orig.tar.gz
9c2797d67b13e3cde64497b8cedc7db2f5640c4813532bf26ad11966641b01d8 5396
node-ws_8.20.1+~cs14.19.1-1.debian.tar.xz
Files:
d5c33a54e6a9e60df1fa693759ef425e 2925 javascript optional
node-ws_8.20.1+~cs14.19.1-1.dsc
b36d8736035a3f5c7b2fb62b2fbeca1a 6013 javascript optional
node-ws_8.20.1+~cs14.19.1.orig-types-ws.tar.gz
1ffc9b580c625f627939368a5c535c8a 5016 javascript optional
node-ws_8.20.1+~cs14.19.1.orig-wscat.tar.gz
5cb7ea7aaf4b2121239c3ee909dad8bd 87393 javascript optional
node-ws_8.20.1+~cs14.19.1.orig.tar.gz
fa01c97db58883aa9e86963e87354bee 5396 javascript optional
node-ws_8.20.1+~cs14.19.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmoIfQAACgkQ9tdMp8mZ
7umV4Q//RvmmsjQDOr9hnNIcEozb6/4qSfW5X2FJkgdHIWoXtjakmoQsqx1iL6OD
o9koeJEMZwTnphy3yFLlZIh8CR0xoz94P3etAti/AwXD/c5aOb/adKJgwpGnjzpk
xg50ZUb3kRTEu+7er5Z0kYGA9/nHHolBbFoE5iw84mCYCgtjFiKqe6+kgMLC5W0Q
SZzd7/QKDUQJDf7G3lr+QYfOHPnOT/P5O6A2MprOVQMyef5+/4N5dqtBtloCIpcP
bXIPoasrpOBVJnj3lI/ZFUXW0c6GVaQDcyQEqHXfqE1jQjdTKrI/V5c2oOAuqOqm
IPODUv7VcfeL6hAcUISG9Yjj0iv9gOn5igximoS3p6evg9MXJXAwN6IBA+i1b/vQ
sSkBn9b2gJXe9Ffj3uw4K0+XpxHlP3+phIE3OM03uRmlJwLAmBnHTG+q+Jsjv49L
90nWtAXPNxpQJ/PlHTbF0BFlbQXPnv6ec19MQ2ECC/01gctYduiPHGJFD3B+1sOb
ko7ZGNgQQB91sm/AzmTWXfifwqYKmqJglflPhoSoSoz9PIVUWGr7MEPOvijPf++k
3gSycwJbxMK5oYPG5lKEBLHJDdY22ba3f4yewswAtMxRK6lR/0qngmF1x6qp/ipc
9cQjKXjDT55w4vX5gnCUy5g5gef2EX2hdfFx6P2YWDoPSieur0Y=
=tPrY
-----END PGP SIGNATURE-----
pgpa1uxtwup5T.pgp
Description: PGP signature
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
