node-mixin-deep: CVE-2018-3719: Prototype pollution via merging functions

Related Vulnerabilities: CVE-2018-3719  

Debian Bug report logs - #898315

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 10 May 2018 07:21:01 UTC

Severity: important

Tags: security, upstream

Found in version node-mixin-deep/1.1.3-1

Fixed in version node-mixin-deep/1.1.3-2

Done: Xavier Guimard <yadd@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://nodesecurity.io/advisories/578



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#898315; Package src:node-mixin-deep. (Thu, 10 May 2018 07:21:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Thu, 10 May 2018 07:21:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: node-mixin-deep: CVE-2018-3719: Prototype pollution via merging functions
Date: Thu, 10 May 2018 09:16:49 +0200
Source: node-mixin-deep
Version: 1.1.3-1
Severity: important
Tags: security upstream
Forwarded: https://nodesecurity.io/advisories/578

Hi,

The following vulnerability was published for node-mixin-deep.

CVE-2018-3719[0]:
Prototype pollution via merging functions

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3719
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3719
[1] https://nodesecurity.io/advisories/578

Regards,
Salvatore



Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#898315. (Sun, 21 Apr 2019 12:30:04 GMT).


Message #8 received at 898315-submitter@bugs.debian.org:

From: Xavier Guimard <noreply@salsa.debian.org>
To: 898315-submitter@bugs.debian.org
Subject: Bug #898315 in node-mixin-deep marked as pending
Date: Sun, 21 Apr 2019 12:27:12 +0000
Control: tag -1 pending

Hello,

Bug #898315 in node-mixin-deep reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/js-team/node-mixin-deep/commit/f4ba76df0e07f9300188ad24586897f0aa40b914

------------------------------------------------------------------------
Fix prototype pollution (Closes: #898315, CVE-2018-3719)
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/898315



Added tag(s) pending. Request was from Xavier Guimard <noreply@salsa.debian.org> to 898315-submitter@bugs.debian.org. (Sun, 21 Apr 2019 12:30:04 GMT).


Reply sent to Xavier Guimard <yadd@debian.org>:
You have taken responsibility. (Sun, 21 Apr 2019 12:51:09 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 21 Apr 2019 12:51:09 GMT).


Message #15 received at 898315-close@bugs.debian.org:

From: Xavier Guimard <yadd@debian.org>
To: 898315-close@bugs.debian.org
Subject: Bug#898315: fixed in node-mixin-deep 1.1.3-2
Date: Sun, 21 Apr 2019 12:49:25 +0000
Source: node-mixin-deep
Source-Version: 1.1.3-2

We believe that the bug you reported is fixed in the latest version of
node-mixin-deep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 898315@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <yadd@debian.org> (supplier of updated node-mixin-deep package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 21 Apr 2019 14:24:15 +0200
Source: node-mixin-deep
Architecture: source
Version: 1.1.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Xavier Guimard <yadd@debian.org>
Closes: 898315
Changes:
 node-mixin-deep (1.1.3-2) unstable; urgency=medium
 .
   * Team upload
   * Add upstream/metadata
   * Declare compliance with policy 4.3.0
   * Change section to javascript
   * Fix prototype pollution (Closes: #898315, CVE-2018-3719)
   * Switch tests to pkg-js-tools
   * Fix VCS fields
   * Fix debian/copyright




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 22 May 2019 07:25:48 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:54:40 2019; Machine Name: beach
