nodejs: CVE-2022-43548

Related Vulnerabilities: CVE-2022-43548

Debian Bug report logs - #1023518
nodejs: CVE-2022-43548

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 5 Nov 2022 20:03:02 UTC

Severity: important

Tags: security, upstream

Found in version nodejs/18.12.0+dfsg-1

Fixed in version nodejs/18.12.1+dfsg-1

Done: Jérémy Lal <kapouer@melix.org>


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>:
Bug#1023518; Package src:nodejs. (Sat, 05 Nov 2022 20:03:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>. (Sat, 05 Nov 2022 20:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nodejs: CVE-2022-43548
Date: Sat, 05 Nov 2022 21:01:57 +0100
Source: nodejs
Version: 18.12.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for nodejs.

CVE-2022-43548[0]:
| DNS rebinding in --inspect via invalid octal IP address

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43548
    https://www.cve.org/CVERecord?id=CVE-2022-43548
[1] https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Jérémy Lal <kapouer@melix.org>:
You have taken responsibility. (Sat, 05 Nov 2022 23:45:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 05 Nov 2022 23:45:05 GMT)


Message #10 received at 1023518-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1023518-close@bugs.debian.org
Subject: Bug#1023518: fixed in nodejs 18.12.1+dfsg-1
Date: Sat, 05 Nov 2022 23:43:07 +0000
Source: nodejs
Source-Version: 18.12.1+dfsg-1
Done: Jérémy Lal <kapouer@melix.org>

We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1023518@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jérémy Lal <kapouer@melix.org> (supplier of updated nodejs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 06 Nov 2022 00:14:11 +0100
Source: nodejs
Architecture: source
Version: 18.12.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Closes: 1018153 1023518
Changes:
 nodejs (18.12.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 18.12.1+dfsg
   * Fixes CVE-2022-43548: DNS rebinding in --inspect via invalid
     octal IP address (Medium).
     Closes: #1023518.
   * Build using gcc-11, g++-11, fixes mips64el and riscv64 builds,
     https://github.com/nodejs/node/issues/44126
   * Patch: fix link to home in html doc. Closes: #1018153




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Nov 6 13:24:55 2022; Machine Name: bembo