Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: ppc64el
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
     for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in
     node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through
     Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded
     chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.