[Pkg-javascript-devel] Bug#863575: unblock: node-concat-stream/1.5.1-2
Ross Gammon
rossgammon at mail.dk
Sun May 28 20:07:44 UTC 2017
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
Please unblock package node-concat-stream
Node-concat-stream is vunerable to Uninitialized Memory Exposure (CWE-201).
This was reported in bug https://bugs.debian.org/cgi-
bin/bugreport.cgi?archive=no&bug=863481. This was fixed upstream, and a version
of the fixing commit is included in this version as a patch. The patch has been
tested with the upstream testsuite, which unfortunately has to be disabled as
the testing framework (node-tape) does not exist in testing.
More information can be found in the attached debdiff (between tesing &
unstable), in the patch description.
unblock node-concat-stream/1.5.1-2
-- System Information:
Debian Release: stretch/sid
APT prefers yakkety-updates
APT policy: (500, 'yakkety-updates'), (500, 'yakkety-security'), (500,
'yakkety'), (100, 'yakkety-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-24-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: node-concat-stream_1.5.1-2.debdiff
Type: text/x-diff
Size: 5486 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20170528/1a0fdac8/attachment.diff>
More information about the Pkg-javascript-devel
mailing list