node-cookie-signature: CVE-2016-1000236

Related Vulnerabilities: CVE-2016-1000236  

Debian Bug report logs - #838618

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 23 Sep 2016 05:15:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version node-cookie-signature/1.0.3-1

Fixed in version node-cookie-signature/1.1.0-1

Done: Xavier Guimard <yadd@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#838618; Package src:node-cookie-signature. (Fri, 23 Sep 2016 05:15:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Fri, 23 Sep 2016 05:15:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: node-cookie-signature: CVE-2016-1000236
Date: Fri, 23 Sep 2016 07:12:42 +0200
Source: node-cookie-signature
Version: 1.0.3-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for node-cookie-signature.

CVE-2016-1000236[0]:
Timing attack vulnerability 

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1000236

Regards,
Salvatore



Reply sent to Xavier Guimard <yadd@debian.org>:
You have taken responsibility. (Wed, 20 Feb 2019 06:09:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 20 Feb 2019 06:09:04 GMT)


Message #10 received at 838618-close@bugs.debian.org:

From: Xavier Guimard <yadd@debian.org>
To: 838618-close@bugs.debian.org
Subject: Bug#838618: fixed in node-cookie-signature 1.1.0-1
Date: Wed, 20 Feb 2019 06:04:38 +0000
Source: node-cookie-signature
Source-Version: 1.1.0-1

We believe that the bug you reported is fixed in the latest version of
node-cookie-signature, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 838618@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <yadd@debian.org> (supplier of updated node-cookie-signature package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 20 Feb 2019 06:49:14 +0100
Source: node-cookie-signature
Architecture: source
Version: 1.1.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Xavier Guimard <yadd@debian.org>
Closes: 838618 894935
Changes:
 node-cookie-signature (1.1.0-1) unstable; urgency=medium
 .
   * Team upload
   * Bump debhelper compatibility level to 11
   * Declare compliance with policy 4.3.0
   * Change section to javascript
   * Change priority to optional
   * Fix VCS fields
   * Fix d/copyright format
   * Switch test to pkg-js-tools (Closes: #894935)
   * New upstream version 1.1.0 (Closes: #838618)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Mar 2019 07:25:51 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:19:14 2019; Machine Name: buxtehude
