- Package:
- src:node-cipher-base
- Source:
- src:node-cipher-base
- Submitter:
- Salvatore Bonaccorso
- Date:
- 2025-08-27 20:13:04 UTC
- Severity:
- normal
- Tags:
Hi,
The following vulnerability was published for node-cipher-base.
CVE-2025-9287[0]:
| Improper Input Validation vulnerability in cipher-base allows Input
| Data Manipulation. This issue affects cipher-base: through 1.0.4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9287
    https://www.cve.org/CVERecord?id=CVE-2025-9287
[1] https://github.com/browserify/cipher-base/pull/23
[2] https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
[3] https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294
Regards,
Salvatore
Hello,
Bug #1111772 in node-cipher-base reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/js-team/node-cipher-base/-/commit/cf807bd2d1231b44a846ae97d5a65d079481c210
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/1111772
We believe that the bug you reported is fixed in the latest version of
node-cipher-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1111772@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <yadd@debian.org> (supplier of updated node-cipher-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 21 Aug 2025 23:59:58 +0200
Source: node-cipher-base
Architecture: source
Version: 1.0.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Yadd <yadd@debian.org>
Closes: 1111772
Changes:
node-cipher-base (1.0.6-1) unstable; urgency=medium
.
* Team upload
* Declare compliance with policy 4.7.2
* debian/watch: version 5
* New upstream version (Closes: #1111772, CVE-2025-9287)
Hello,
Bug #1111772 in node-cipher-base reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/js-team/node-cipher-base/-/commit/329fb87df15dc30119f135cc72303af477968ef2
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/1111772
We believe that the bug you reported is fixed in the latest version of
node-cipher-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1111772@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <yadd@debian.org> (supplier of updated node-cipher-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 Aug 2025 11:32:07 +0200
Source: node-cipher-base
Binary: node-cipher-base
Architecture: source all
Version: 1.0.4-6+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Yadd <yadd@debian.org>
Description:
node-cipher-base - abstract base class for crypto-streams
Closes: 1111772
Changes:
node-cipher-base (1.0.4-6+deb12u1) bookworm-security; urgency=medium
.
* Team upload
* Add patch to return valid values on multi-byte-wide TypedArray input
(Closes: #1111772: node-cipher-base: CVE-2025-9287)
We believe that the bug you reported is fixed in the latest version of
node-cipher-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1111772@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <yadd@debian.org> (supplier of updated node-cipher-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 22 Aug 2025 00:17:05 +0200
Source: node-cipher-base
Binary: node-cipher-base
Architecture: source all
Version: 1.0.4-6+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Yadd <yadd@debian.org>
Description:
node-cipher-base - abstract base class for crypto-streams
Closes: 1111772
Changes:
node-cipher-base (1.0.4-6+deb13u1) trixie-security; urgency=medium
.
* Team upload
* Add patch to return valid values on multi-byte-wide TypedArray input
(Closes: #1111772: node-cipher-base: CVE-2025-9287)