-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: mipsel
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs     - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14 for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350. Thanks to Bastien Roucariès.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----