• Bug#1110154: unblock: node-form-data/4.0.1-2

    From Adrian Bunk@21:1/5 to All on Wed Jul 30 23:10:01 2025
    XPost: linux.debian.bugs.dist


    Package: release.debian.org
    Severity: normal
    X-Debbugs-Cc: [email protected]
    Control: affects -1 + src:node-form-data
    User: [email protected]
    Usertags: unblock

    Please unblock package node-form-data

    CVE-2025-7783 fix (with a typo in the changelog),
    already accepted for bookworm-pu in #1109819.

    Other changes are Standards-Version and running more tests,
    the latter succeeded in unstable.

    unblock node-form-data/4.0.1-2

    diffstat for node-form-data-4.0.1 node-form-data-4.0.1

    changelog | 10 ++++
    clean | 1
    control | 2
    patches/CVE-2025-7783.patch | 94 ++++++++++++++++++++++++++++++++++++++++++++
    patches/series | 1
    tests/pkg-js/test | 25 +++++++++++
    6 files changed, 131 insertions(+), 2 deletions(-)

    diff -Nru node-form-data-4.0.1/debian/changelog node-form-data-4.0.1/debian/changelog
    --- node-form-data-4.0.1/debian/changelog 2024-10-14 13:25:40.000000000 +0300
    +++ node-form-data-4.0.1/debian/changelog 2025-07-24 13:45:56.000000000 +0300
    @@ -1,3 +1,13 @@
    +node-form-data (4.0.1-2) unstable; urgency=medium
    +
    + * Team upload
    + * Declare compliance with policy 4.7.2
    + * Fix "Insufficiently Random Values vulnerability"
    + (Closes: #1109551, CVE-2025-778)
    + * Launch more tests
    +
    + -- Yadd <[email protected]> Thu, 24 Jul 2025 12:45:56 +0200
    +
    node-form-data (4.0.1-1) unstable; urgency=medium

    * Team upload
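
    Review bot: the Closes line of the new 4.0.1-2 entry cites CVE-2025-778, which drops the final digit of CVE-2025-7783, the identifier used in the request text and in the name of patches/CVE-2025-7783.patch. The follow-up in this thread reports that the security tracker did not list this version as fixing the CVE, probably because of that typo, so the entry should read `(Closes: #1109551, CVE-2025-7783)` when the changelog is next touched.
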
    diff -Nru node-form-data-4.0.1/debian/clean node-form-data-4.0.1/debian/clean --- node-form-data-4.0.1/debian/clean 1970-01-01 02:00:00.000000000 +0200
    +++ node-form-data-4.0.1/debian/clean 2025-07-24 12:59:09.000000000 +0300
    @@ -0,0 +1 @@
    +test/tmp/
    diff -Nru node-form-data-4.0.1/debian/control node-form-data-4.0.1/debian/control
    --- node-form-data-4.0.1/debian/control 2024-10-14 13:24:23.000000000 +0300
    +++ node-form-data-4.0.1/debian/control 2025-07-24 12:40:3
  • From Adrian Bunk@21:1/5 to Ivo De Decker on Wed Jul 30 23:40:01 2025
    XPost: linux.debian.bugs.dist

    On Wed, Jul 30, 2025 at 09:33:32PM +0000, Ivo De Decker wrote:
    > Hi,

    Hi Ivo,

    > On Wed, Jul 30, 2025 at 09:07:14PM +0000, Adrian Bunk wrote:
    > > ...
    > > CVE-2025-7783 fix (with a typo in the changelog),
    > > already accepted for bookworm-pu in #1109819.
    >
    > Can you update the info in the security tracker for CVE-2025-7783? This version isn't listed as fixing it (probably due to the typo).

    already done: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1e878c9cdcd66744fe66bb619670d17de96a71

    > Thanks,
    >
    > Ivo

    cu
    Adrian

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ivo De Decker@21:1/5 to Adrian Bunk on Wed Jul 30 23:50:01 2025
    XPost: linux.debian.bugs.dist

    Hi Adrian,

    On Thu, Jul 31, 2025 at 12:35:23AM +0300, Adrian Bunk wrote:
    > > Can you update the info in the security tracker for CVE-2025-7783? This version isn't listed as fixing it (probably due to the typo).
    >
    > already done: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab1e878c9cdcd66744fe66bb619670d17de96a71

    OK, thanks!

    Ivo

  • From Debian Bug Tracking System@21:1/5 to Adrian Bunk on Wed Jul 30 23:40:01 2025

    Your message dated Wed, 30 Jul 2025 21:33:32 +0000
    with message-id <[email protected]>
    and subject line Re: unblock: node-form-data/4.0.1-2
    has caused the Debian Bug report #1110154,
    regarding unblock: node-form-data/4.0.1-2
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1110154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110154
    Debian Bug Tracking System
    Contact [email protected] with problems
