CVE-2016-5325 / CVE-2016-7099

Related Vulnerabilities: CVE-2016-5325, CVE-2016-7099

Debian Bug report logs - #839714
CVE-2016-5325 / CVE-2016-7099

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 4 Oct 2016 09:15:01 UTC

Severity: grave

Tags: security

Fixed in version nodejs/4.6.0~dfsg-1

Done: Jérémy Lal <kapouer@melix.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#839714; Package src:nodejs. (Tue, 04 Oct 2016 09:15:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Tue, 04 Oct 2016 09:15:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2016-5325 / CVE-2016-7099
Date: Tue, 04 Oct 2016 11:13:43 +0200
Source: nodejs
Severity: grave
Tags: security

Please see
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

Cheers,
        Moritz



Added tag(s) pending. Request was from Jérémy Lal <kapouer@melix.org> to control@bugs.debian.org. (Thu, 06 Oct 2016 13:06:03 GMT)


Reply sent to Jérémy Lal <kapouer@melix.org>:
You have taken responsibility. (Sun, 09 Oct 2016 22:30:16 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 09 Oct 2016 22:30:16 GMT)


Message #12 received at 839714-close@bugs.debian.org:

From: Jérémy Lal <kapouer@melix.org>
To: 839714-close@bugs.debian.org
Subject: Bug#839714: fixed in nodejs 4.6.0~dfsg-1
Date: Sun, 09 Oct 2016 22:27:45 +0000
Source: nodejs
Source-Version: 4.6.0~dfsg-1

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 839714@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapouer@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 09 Oct 2016 22:05:40 +0200
Source: nodejs
Binary: nodejs-dev nodejs nodejs-dbg nodejs-legacy
Architecture: source
Version: 4.6.0~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Jérémy Lal <kapouer@melix.org>
Description:
 nodejs     - evented I/O for V8 javascript
 nodejs-dbg - evented I/O for V8 javascript (debug)
 nodejs-dev - evented I/O for V8 javascript (development files)
 nodejs-legacy - evented I/O for V8 javascript (legacy symlink)
Closes: 830242 836415 839714
Changes:
 nodejs (4.6.0~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 4.6.0~dfsg
     Fixes: CVE-2016-7099, CVE-2016-5325
     Closes: #839714.
   * Hardening flags: +all, -pie because v8 doesn't support pie.
   * Disable DNS during tests, using RES_OPTIONS=attempts:0,
     and disable tests that fail to run when only a loopback
     interface is available. Closes: #830242.
   * Do not fail when node symlink exists in check target
   * Disable addons, pseudo-tty, doctool test suites
   * test_ci patch: allow overriding CI test options
   * Disable tests failing without DNS
   * doctool-yaml patch: avoid use of eslint deps and use
     node-yamlish package instead
   * Build-Depends node-marked, exclude it for convenience,
   * Stop building for powerpc architecture as some cpu are not
     actually supported by libv8. Closes: #836415.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Nov 2016 07:26:48 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:41:16 2019; Machine Name: buxtehude
