-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: armel
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
     for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in
     node::http2::Http2Session::~Http2Session() leads to HTTP/2 server
     crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length
     Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through
     Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded
     chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.