-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: arm64
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14 for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350. Thanks to Bastien Roucariès.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----