Your message dated Sat, 01 Aug 2020 12:51:28 +0100 with message-id <43535efb498a168cf81452ca0c326f004f46adc6.camel@adam-barratt.org.uk> and subject line Closing bugs for fixes included in 10.5 point release has caused the Debian Bug report #960575, regarding buster-pu: package node-dot-prop/4.1.1-1+deb10u2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 960575: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960575 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package node-dot-prop/4.1.1-1+deb10u2
- From: Xavier Guimard <yadd@debian.org>
- Date: Thu, 14 May 2020 09:45:33 +0200
- Message-id: <158944233312.210824.4885979928797033577.reportbug@deb007.xnr.fr>
Package: release.debian.org Severity: normal Tags: buster User: release.debian.org@packages.debian.org Usertags: pu Hi, CVE-2020-8116 fix introduced a regression that affects npm (#960283). This little fix solves the problem. Cheers, Xavierdiff --git a/debian/changelog b/debian/changelog index f7509b9..9b6d599 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +node-dot-prop (4.1.1-1+deb10u2) buster; urgency=medium + + * Fix regression introduced in CVE-2020-8116 fix (Closes: #960283) + + -- Xavier Guimard <yadd@debian.org> Thu, 14 May 2020 09:42:34 +0200 + node-dot-prop (4.1.1-1+deb10u1) buster; urgency=medium * Team upload diff --git a/debian/patches/CVE-2020-8116.diff b/debian/patches/CVE-2020-8116.diff index b7d34f1..6d11ff8 100644 --- a/debian/patches/CVE-2020-8116.diff +++ b/debian/patches/CVE-2020-8116.diff @@ -38,7 +38,7 @@ Last-Update: 2020-02-06 } const pathArr = getPathSegments(path); -+ if (pathArray.length === 0) { ++ if (pathArr.length === 0) { + return; + } @@ -48,7 +48,7 @@ Last-Update: 2020-02-06 } const pathArr = getPathSegments(path); -+ if (pathArray.length === 0) { ++ if (pathArr.length === 0) { + return; + } @@ -58,7 +58,7 @@ Last-Update: 2020-02-06 } const pathArr = getPathSegments(path); -+ if (pathArray.length === 0) { ++ if (pathArr.length === 0) { + return; + }
--- End Message ---
--- Begin Message ---
- To: 931678-done@bugs.debian.org, 947351-done@bugs.debian.org, 947758-done@bugs.debian.org, 948652-done@bugs.debian.org, 953763-done@bugs.debian.org, 954020-done@bugs.debian.org, 954716-done@bugs.debian.org, 959661-done@bugs.debian.org, 959890-done@bugs.debian.org, 960020-done@bugs.debian.org, 960376-done@bugs.debian.org, 960395-done@bugs.debian.org, 960575-done@bugs.debian.org, 960600-done@bugs.debian.org, 960804-done@bugs.debian.org, 960806-done@bugs.debian.org, 960836-done@bugs.debian.org, 960885-done@bugs.debian.org, 960974-done@bugs.debian.org, 961019-done@bugs.debian.org, 961212-done@bugs.debian.org, 961275-done@bugs.debian.org, 961379-done@bugs.debian.org, 961439-done@bugs.debian.org, 961441-done@bugs.debian.org, 961514-done@bugs.debian.org, 961803-done@bugs.debian.org, 961833-done@bugs.debian.org, 961921-done@bugs.debian.org, 961936-done@bugs.debian.org, 961944-done@bugs.debian.org, 961978-done@bugs.debian.org, 962059-done@bugs.debian.org, 962067-done@bugs.debian.org, 962160-done@bugs.debian.org, 962227-done@bugs.debian.org, 962237-done@bugs.debian.org, 962255-done@bugs.debian.org, 962306-done@bugs.debian.org, 962982-done@bugs.debian.org, 963024-done@bugs.debian.org, 963267-done@bugs.debian.org, 963591-done@bugs.debian.org, 963595-done@bugs.debian.org, 963694-done@bugs.debian.org, 963796-done@bugs.debian.org, 963940-done@bugs.debian.org, 963986-done@bugs.debian.org, 964146-done@bugs.debian.org, 964158-done@bugs.debian.org, 964228-done@bugs.debian.org, 964338-done@bugs.debian.org, 964346-done@bugs.debian.org, 964350-done@bugs.debian.org, 964397-done@bugs.debian.org, 964412-done@bugs.debian.org, 964417-done@bugs.debian.org, 964422-done@bugs.debian.org, 964435-done@bugs.debian.org, 964574-done@bugs.debian.org, 964589-done@bugs.debian.org, 964712-done@bugs.debian.org, 964714-done@bugs.debian.org, 964715-done@bugs.debian.org, 964726-done@bugs.debian.org, 964740-done@bugs.debian.org, 964792-done@bugs.debian.org, 964807-done@bugs.debian.org, 964808-done@bugs.debian.org, 964860-done@bugs.debian.org, 964868-done@bugs.debian.org, 964898-done@bugs.debian.org, 964986-done@bugs.debian.org, 965116-done@bugs.debian.org, 965117-done@bugs.debian.org, 965257-done@bugs.debian.org, 965377-done@bugs.debian.org, 966151-done@bugs.debian.org, 966213-done@bugs.debian.org, 966247-done@bugs.debian.org, 966272-done@bugs.debian.org, 966310-done@bugs.debian.org
- Subject: Closing bugs for fixes included in 10.5 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 01 Aug 2020 12:51:28 +0100
- Message-id: <43535efb498a168cf81452ca0c326f004f46adc6.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 10.5 Hi, Each of these bugs relates to an update that was included in today's stable point release. Regards, Adam
--- End Message ---