Launchpad itself

Ubuntu Installer Announcement contains incorrect component

Bug #1787018 reported by Mike Salvatore
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
New
Undecided
Unassigned

Bug Description

This morning I uploaded a security fix for nodejs to the security pocket for bionic. Node.js is a universe package but the announcement states that it has been uploaded to main. See below:

nodejs (8.10.0~dfsg-2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 DoS vulnerability
    - debian/patches/CVE-2018-7161.patch: An attacker can cause a denial of
       service (DoS) by causing a node server providing an http2 server to
       crash by triggering a cleanup bug (use after free).
    - CVE-2018-7161
  * Fix test failures due to expired certificates
    - debian/patches/regen-test-certs.patch: test: update certificates and
      private keys.

Date: 2018-08-13 19:15:11.767261+00:00
Changed-By: Mike Salvatore <email address hidden>
https://launchpad.net/ubuntu/+source/nodejs/8.10.0~dfsg-2ubuntu0.2

==

 OK: nodejs_8.10.0~dfsg.orig.tar.gz
 OK: nodejs_8.10.0~dfsg-2ubuntu0.2.debian.tar.xz
 OK: nodejs_8.10.0~dfsg-2ubuntu0.2.dsc
     -> Component: main Section: javascript

Announcing to <email address hidden>

Thank you for your contribution to Ubuntu.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.