node-ssri: CVE-2018-7651

Related Vulnerabilities: CVE-2018-7651  

Debian Bug report logs - #891980
node-ssri: CVE-2018-7651

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 3 Mar 2018 15:45:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version node-ssri/5.0.0-1

Fixed in version node-ssri/5.2.4-1

Done: Akhil Varkey <akhilvarkey@disroot.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/zkat/ssri/issues/10


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#891980; Package src:node-ssri. (Sat, 03 Mar 2018 15:45:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Sat, 03 Mar 2018 15:45:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: node-ssri: Regular Expression Denial of Service vulnerability in the strict mode functionality
Date: Sat, 03 Mar 2018 16:43:15 +0100
Source: node-ssri
Version: 5.0.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/zkat/ssri/issues/10

Hi

See the following references for details:

https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
https://github.com/zkat/ssri/issues/10
https://nodesecurity.io/advisories/565

Regards,
Salvatore



Changed Bug title to 'node-ssri: CVE-2018-7651' from 'node-ssri: Regular Expression Denial of Service vulnerability in the strict mode functionality'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 04 Mar 2018 07:54:03 GMT).


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 08 Mar 2018 17:51:11 GMT).


Reply sent to Akhil Varkey <akhilvarkey@disroot.org>:
You have taken responsibility. (Thu, 22 Mar 2018 11:51:06 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 22 Mar 2018 11:51:06 GMT).


Message #14 received at 891980-close@bugs.debian.org:

From: Akhil Varkey <akhilvarkey@disroot.org>
To: 891980-close@bugs.debian.org
Subject: Bug#891980: fixed in node-ssri 5.2.4-1
Date: Thu, 22 Mar 2018 11:49:18 +0000
Source: node-ssri
Source-Version: 5.2.4-1

We believe that the bug you reported is fixed in the latest version of
node-ssri, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 891980@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Akhil Varkey <akhilvarkey@disroot.org> (supplier of updated node-ssri package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Mar 2018 23:26:47 +0530
Source: node-ssri
Binary: node-ssri
Architecture: source
Version: 5.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Akhil Varkey <akhilvarkey@disroot.org>
Description:
 node-ssri  - Utility for parsing, serializing, generating and verifying  ssri
Closes: 891980
Changes:
 node-ssri (5.2.4-1) unstable; urgency=medium
 .
   * New upstream release (closes: #891980)
   * Fixes CVE-2018-7651
   * Bumped Standard Version

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 24 Apr 2018 07:35:25 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:59:47 2019; Machine Name: buxtehude
