-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: armhf
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-06)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
     for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in
     node::http2::Http2Session::~Http2Session() leads to HTTP/2 server
     crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length
     Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through
     Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded
     chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.