-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: mips64el
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-03)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs     - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14 for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350. Thanks to Bastien Roucariès.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----