Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: i386
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
     for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in
     node::http2::Http2Session::~Http2Session() leads to HTTP/2 server
     crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length
     Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through
     Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded
     chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.