Accepted node-hawk 6.0.1+dfsg-1+deb10u1 (source all) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted node-hawk 6.0.1+dfsg-1+deb10u1 (source all) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 23 Dec 2022 06:30:21 +0000
- Debian: DAK
- Debian-architecture: source all
- Debian-archive-action: accept
- Debian-changes: node-hawk_6.0.1+dfsg-1+deb10u1_amd64.changes
- Debian-source: node-hawk
- Debian-suite: oldstable
- Debian-version: 6.0.1+dfsg-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=9gMH2f5YwMjtYTw3VbFeRvRIKQ6ZMZa/VRokOXbCA+s=; b=Eb6S4lfbo0LZDvwOleeJJcjifK +vtrEzC3kjZHuO/cPfqwqsorQyeTuaT9kCQyJHn9HQDAkvfCOmOGs2YJhw/BpeoIvfq2XcPmkq2jF xfHWqzR8uKHVoXhohFtzCaXwmSzKm6nxLFqbhVtuE6FPwMtMwEfxfNH11w0PTekPaN03fjDnohphW gWJ1dyOHowXR0C7pZvwXas9HVeWsAEbh32p67X0XFV//DN/kWj+oOlqF+n10bqGScPvCRx9abBMbH wCTav76r31N7knTxBLj2Q6o12HQg8jSd5BlC4XRNBIv0cP+1qBLPiFeRowP98sFVCjV19RmR2ex2e szx1rdCw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1p8bZV-00GddO-KW@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 23 Dec 2022 06:18:20 +0000
Source: node-hawk
Binary: node-hawk
Architecture: source all
Version: 6.0.1+dfsg-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
node-hawk - HTTP Hawk Authentication Scheme
Changes:
node-hawk (6.0.1+dfsg-1+deb10u1) buster-security; urgency=high
.
* CVE-2022-29167: Prevent an issue where Hawk used a regular expression to
parse `Host` HTTP headers which was subject to regular expression DoS
attack. Each added character in the attacker's input increased the
computation time exponentially.
* Add new runtime dependency on node-url to satisfy patch for CVE-2022-29167.
Checksums-Sha1:
3606bb45abb12379df5bca6702695c6e9955e0fb 2066 node-hawk_6.0.1+dfsg-1+deb10u1.dsc
b27abdd6520eef5996ad2de25bb47eb66d73a2cf 105988 node-hawk_6.0.1+dfsg.orig.tar.xz
a8faadea8612230991d5780156e3884bc9962cff 4008 node-hawk_6.0.1+dfsg-1+deb10u1.debian.tar.xz
f1b6701e603bba07a693019c4c706f27317c58be 21724 node-hawk_6.0.1+dfsg-1+deb10u1_all.deb
7ca6791fe0c837890d4f2c1bc60eda96f72a9e70 5788 node-hawk_6.0.1+dfsg-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
29ed3ba482d6ecc1c9d5618c8b2763bb40e6367062204711c38a43ea36197982 2066 node-hawk_6.0.1+dfsg-1+deb10u1.dsc
cc1d5d300cb7c491ff765de261c1da8d61bfd8e0cfed9947b3de5e6a0373f8b6 105988 node-hawk_6.0.1+dfsg.orig.tar.xz
e118b3ed70e8489da237eff1dca16f328f1e6aaa1cbf318a4da3cf90035240f8 4008 node-hawk_6.0.1+dfsg-1+deb10u1.debian.tar.xz
974201bc8ec5821f534a08c42ec1d883eb9b35860d4ea6517f09b4ebb0a4b7f6 21724 node-hawk_6.0.1+dfsg-1+deb10u1_all.deb
7e1ceab2ac295c7752a3ae2e3eac8a976c795b9fd44ef9c70ba3d8c4e32ee167 5788 node-hawk_6.0.1+dfsg-1+deb10u1_amd64.buildinfo
Files:
08847a645c983ef989926313fddc5bc4 2066 web optional node-hawk_6.0.1+dfsg-1+deb10u1.dsc
0c2c27e43f456c68f2b54319a03b7b55 105988 web optional node-hawk_6.0.1+dfsg.orig.tar.xz
54e0c1964b9ee2a3aaf48c2889d64ade 4008 web optional node-hawk_6.0.1+dfsg-1+deb10u1.debian.tar.xz
b77d4380ad2cd10d955c11d2c08528f9 21724 web optional node-hawk_6.0.1+dfsg-1+deb10u1_all.deb
6ff2f94995110ad13884a48a6dd691b6 5788 web optional node-hawk_6.0.1+dfsg-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmOlSdUACgkQHpU+J9Qx
HlicHxAAtjqTmG951nt7XqZOxNy+IPnx5e32yk/d7QkXzqu6wpibCASqKF04FQSC
8+5+++iB0B4lMDLDZPGtftn1QUfSFVFzjTT5mOWX4/Pk3s0UCRW33wnJ2JIKv9KW
WnCtqs1BAdUQHsh2PeKWs4CYdSRv+fDfoa4X3/pFHMyCYEoOMX8goOqdJJaCiyAz
TE6YfbeDqDf6iYl9NnBqV+YHjmIf+veRr6hKM4Xk/j4Aw0KL97NMGF5q36JwRJ3m
Z0BqPhyDZC2mkbwJOyy2qTisfnvycgXHyce/nUrUM2XnBRJtNg+wFvjJBtV73syE
ZWAl12oW90DHiK6nm8smd0tGg+8J0a7gSdWoMd/z2KVdlPgNRG5vlYyW3Lb6hIg4
WmKPIynYFBG6iFXnhur0hHZDluaxGWOuMtHXvnZB4Se3ng6QtOAIR/6Er11Vtiyh
04q7EsL9DDgjsOuMPNO+AIc0tD3xcUe/L15DQbwFvf/9jaxG9nEIXIzihhnSmXnr
6B4MAJ17zVwCT3DUdtLdB03tntcwH+FKnuhiqx/LuuViCJGdoOeIA9R+LIWE9jB3
j/z+E8TWK7yxOM9byzW6/37WtPD1uBX4EAVtHWe39XQKSklHHlTw1R1+Zt/h/AIT
HLZwcx6gqtVQggbDOQkadXplWhWy6E1dyowZ9dDIUCYanLySz90=
=W7Af
-----END PGP SIGNATURE-----