Your message dated Tue, 07 May 2019 21:18:26 +0000 with message-id <e1ho7tm-000fd5...@fasolo.debian.org> and subject line Bug#928624: fixed in node-axios 0.17.1+dfsg-2 has caused the Debian Bug report #928624, regarding node-axios: CVE-2019-10742 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 928624: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928624 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: node-axios Version: 0.17.1+dfsg-1 Severity: grave Tags: security upstream Forwarded: https://github.com/axios/axios/issues/1098 Hi, The following vulnerability was published for node-axios. CVE-2019-10742[0]: | Axios up to and including 0.18.0 allows attackers to cause a denial of | service (application crash) by continuing to accepting content after | maxContentLength is exceeded. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10742 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10742 [1] https://github.com/axios/axios/issues/1098 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: node-axios Source-Version: 0.17.1+dfsg-2 We believe that the bug you reported is fixed in the latest version of node-axios, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 928...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Xavier Guimard <y...@debian.org> (supplier of updated node-axios package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 07 May 2019 22:59:58 +0200 Source: node-axios Architecture: source Version: 0.17.1+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org> Changed-By: Xavier Guimard <y...@debian.org> Closes: 928624 Changes: node-axios (0.17.1+dfsg-2) unstable; urgency=medium . * Team upload * Declare compliance with policy 4.3.0 * Add upstream/metadata * Add patch to destroy stream on exceeding maxContentLength (Closes: #928624, CVE-2019-10742) * Fix debian/copyright format URL Checksums-Sha1: c79bb062fa6faba6ded1ffbc9a478c6e2fbce699 2247 node-axios_0.17.1+dfsg-2.dsc 67018b26a2d9dd5a8340d07d7f19826644f3a52f 3912 node-axios_0.17.1+dfsg-2.debian.tar.xz Checksums-Sha256: ab1bbf8ef57ffd48bc1ae338825121ebb3f73157d41aa838ca516fd29b73bf25 2247 node-axios_0.17.1+dfsg-2.dsc 1a2d12755810749c29dbdd432702583424b7a4aa01142a3a105d2e7eb5c12f4d 3912 node-axios_0.17.1+dfsg-2.debian.tar.xz Files: 48b7115fd2a999e639f12c4237c00308 2247 javascript optional node-axios_0.17.1+dfsg-2.dsc 8b4dedef3e4a03e5258af43127ebb1f0 3912 javascript optional node-axios_0.17.1+dfsg-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAlzR8vAACgkQ9tdMp8mZ 7ukjpxAAkRT+8O8oRihxqlY90Hsq/3x/Rb+q0zIYzdOyPc56QwKpkvwrVeXNkc0W XVyamoXbFHGfWfdFKdxpvmhyvJ6+MddezANbG/akTGLBoQHm38JE/XZ8P+XxCuXK /GBDUEnTSvrBOglAX3xBKTybleHijYLb2bQQ0ElA2sreeAuNXFchWYw2XjteXg/g TpaWhBpXfpKL6iWH5X9VLCvRHkT4vQc7z0BIsXQDkaavnivHBmLQCmnNLk8yk/Od +Z3n5GRAvyQwyqA0uJpftvLPKPvr0juRIbxcim3hec6U84DVZYO/lyz9Q79mr0v2 T/O6/39lglDsTyu2+aiPh2rGVALU0hnwSnmn7pzrTDRWnO3KXTusUlTpFBwk0fnh M3vk/8vEhy0obj5abuijtdRM8RLqhRQN6aMXuEhmFxHX6KYPm6c9/4l8LW/yOn/H ON87/bGfZTWET7gonoRTWA27W4LoalN8cvkaxYcLwfuO+RV/mxqxOTWbcXLfFU3w ugTtkJgAPvMIVd4LD1OEoRsgClMxZorsfTxf+GtM8SOsWLRdcWHtIbH9LFiD3EEP AnMelbDrvkIXS4hvXZcYZJuF2oC+SVtP7e8LZIPyz/anvGYQjhmd7ZPQpULYa3Lw BNM6giwQW49BWAoGCWZEPnV3jKXJ5f/6DxY+dlDIjSwFUkQE4X8= =tDlX -----END PGP SIGNATURE-----
--- End Message ---
