Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 08 May 2019 19:27:08 +0200
Source: node-mqtt-packet
Architecture: source
Version: 6.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Xavier Guimard
Closes:
Your message dated Wed, 08 May 2019 17:48:29 +
with message-id
and subject line Bug#928673: fixed in node-mqtt-packet 6.0.0-2
has caused the Debian Bug report #928673,
regarding node-mqtt-packet: CVE-2019-5432
to be marked as done.
This means that you claim that the problem has been dealt
node-mqtt-packet_6.0.0-2_sourceonly.changes uploaded successfully to localhost
along with the files:
node-mqtt-packet_6.0.0-2.dsc
node-mqtt-packet_6.0.0-2.debian.tar.xz
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
--
Pkg-javascript-devel mailing list
Source: node-mqtt-packet
Version: 6.0.0-1
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for node-mqtt-packet.
CVE-2019-5432[0]:
| A specifically malformed MQTT Subscribe packet crashes MQTT Brokers
| using the mqtt-packet module versions 3.5.1, 4.0.0 -
Your message dated Wed, 08 May 2019 10:33:18 +
with message-id
and subject line Bug#928645: fixed in node-lockfile 1.0.4-2
has caused the Debian Bug report #928645,
regarding RFI: replacement of touch module with fs
to be marked as done.
This means that you claim that the problem has been
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 08 May 2019 11:41:01 +0200
Source: node-lockfile
Architecture: source
Version: 1.0.4-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Xavier Guimard
Closes:
Le 08/05/2019 à 10:49, Ritesh Raj Sarraf a écrit :
> Package: node-lockfile
> Version: 1.0.4
> Severity: normal
>
> Hi,
>
> This is mostly about trying to determine the reason for the change.
> I noticed that in patch `remove-touch.patch`, the requirement for `touch`
> module is worked around by
node-lockfile_1.0.4-2_sourceonly.changes uploaded successfully to localhost
along with the files:
node-lockfile_1.0.4-2.dsc
node-lockfile_1.0.4-2.debian.tar.xz
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
--
Pkg-javascript-devel mailing list
Processing control commands:
> tag -1 pending
Bug #928645 [node-lockfile] RFI: replacement of touch module with fs
Added tag(s) pending.
--
928645: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--
Le 08/05/2019 à 11:22, Xavier a écrit :
> Le 08/05/2019 à 10:49, Ritesh Raj Sarraf a écrit :
>> Package: node-lockfile
>> Version: 1.0.4
>> Severity: normal
>>
>> Hi,
>>
>> This is mostly about trying to determine the reason for the change.
>> I noticed that in patch `remove-touch.patch`, the
Le 08/05/2019 à 10:45, Julien Puydt a écrit :
> Hi,
>
> I think it just doesn't make sense :
> http://jscolor.com/download/
>
> in any case, it certainly isn't DFSG-compliant.
>
> Still, I'd like some feedback on the matter... if only to understand the
> situation better before I try to get
Package: node-lockfile
Version: 1.0.4
Severity: normal
Hi,
This is mostly about trying to determine the reason for the change.
I noticed that in patch `remove-touch.patch`, the requirement for `touch`
module is worked around by the `fs` module.
Is it because by the minor change you were able to
Hi,
I think it just doesn't make sense :
http://jscolor.com/download/
in any case, it certainly isn't DFSG-compliant.
Still, I'd like some feedback on the matter... if only to understand the
situation better before I try to get in touch with upstream.
Cheers,
JP
--
Pkg-javascript-devel
13 matches
Mail list logo
