-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: s390x
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14 for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----