[ubuntu/questing-proposed] node-sha.js 2.4.11+~2.4.0-2ubuntu1 (Accepted)

Edwin Jiang edwin.jiang at canonical.com
Thu Sep 25 13:55:36 UTC 2025 

node-sha.js (2.4.11+~2.4.0-2ubuntu1) questing; urgency=medium

  * SECURITY UPDATE: improper input validation
    - debian/patches/CVE-2025-9288-1.patch: Validate input types in hash.js.
    - debian/patches/CVE-2025-9288-2.patch: Embed to-buffer.js and its
      dependencies in node_modules.
    - debian/control: Add node-get-intrinsic, node-isarray, and
      node-is-typed-array to Depends.
    - debian/copyright: Add copyright details for embedded Node modules.
    - debian/install: Install embedded Node modules.
    - CVE-2025-9288

Date: Tue, 23 Sep 2025 14:34:31 +0000
Changed-By: Edwin Jiang <edwin.jiang at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 23 Sep 2025 14:34:31 +0000
Source: node-sha.js
Built-For-Profiles: noudeb
Architecture: source
Version: 2.4.11+~2.4.0-2ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Edwin Jiang <edwin.jiang at canonical.com>
Changes:
 node-sha.js (2.4.11+~2.4.0-2ubuntu1) questing; urgency=medium
 .
   * SECURITY UPDATE: improper input validation
     - debian/patches/CVE-2025-9288-1.patch: Validate input types in hash.js.
     - debian/patches/CVE-2025-9288-2.patch: Embed to-buffer.js and its
       dependencies in node_modules.
     - debian/control: Add node-get-intrinsic, node-isarray, and
       node-is-typed-array to Depends.
     - debian/copyright: Add copyright details for embedded Node modules.
     - debian/install: Install embedded Node modules.
     - CVE-2025-9288
Checksums-Sha1:
 850296d88f81f179945f4c7e40e4fa561a709483 2621 node-sha.js_2.4.11+~2.4.0-2ubuntu1.dsc
 56c8304aa0c1d87569c9cdfc2f0e86482439d898 8404 node-sha.js_2.4.11+~2.4.0-2ubuntu1.debian.tar.xz
 8ee503f04a5d5bc518dfd4ed8ce3017c30a7f90f 16285 node-sha.js_2.4.11+~2.4.0-2ubuntu1_source.buildinfo
Checksums-Sha256:
 183cc24027c68467ddebf998365e42475d1aac73e019c9f89c6b67607a8d8f15 2621 node-sha.js_2.4.11+~2.4.0-2ubuntu1.dsc
 f7b168c01a2cc0affc601c295797e2bae3da1c3d405a44f4566a150b72d51599 8404 node-sha.js_2.4.11+~2.4.0-2ubuntu1.debian.tar.xz
 89cf2fb6ad9532b6dd9a524374e6346d16ddad930c6a783bad0f1575e766f1e7 16285 node-sha.js_2.4.11+~2.4.0-2ubuntu1_source.buildinfo
Files:
 395fc95c086ee12fffd3af65d3c5c049 2621 javascript optional node-sha.js_2.4.11+~2.4.0-2ubuntu1.dsc
 0492164f40d988134c3cc98274b663b8 8404 javascript optional node-sha.js_2.4.11+~2.4.0-2ubuntu1.debian.tar.xz
 6bac41d73140e7b07b7db2f3d4cfadc2 16285 javascript optional node-sha.js_2.4.11+~2.4.0-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>

More information about the Questing-changes mailing list