From: ftpmaster@ftp-master.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 nodejs nodejs-doc
Architecture: source amd64 all
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: J€€r€€my Lal
Description:
libnode-dev - evented I/O for V8 javascript (development files)
libnode108 - evented I/O for V8 javascript - runtime library
nodejs - evented I/O for V8 javascript - runtime executable
nodejs-doc - API documentation for Node.js, the javascript platform
Closes: 922075 1074047 1076350 1086652
Changes:
nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
.
* New upstream version 18.20.4+dfsg. Closes: #1074047.
* M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
for compatibility with other packages.
* test-runner-output is flaky on slow platforms
* Disable test-cluster-primary-* flaky/hanging tests.
* Fix test failing with openssl 3.0.14. Closes: #1086652.
* CVE-2024-22020: Bypass network import restriction via data URL (Medium)
* CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
* CVE-2024-27983: Assertion failed in node::http2::Http2Sessi
n::~Http2Session()
leads to HTTP/2 server crash (High)
* CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation
(Medium)
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
brotli decoding (Medium)
* CVE-2024-21892: Code injection and privilege escalation
through Linux capabilities (High)
* CVE-2024-22019: Reading unprocessed HTTP request with
unbounded chunk extension allows DoS attacks (High)
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
* Static link on 32bits architecture libuv. Closes: #922075, #1076350.
Thanks to Bastien Roucari€€s.
Checksums-Sha1:
76413b35260e2bb56588e68654d5e54a186a1740 4359 nodejs_18.20.4+df
g-1~deb12u1.dsc
4e580579ef4a73cf6ab060c74433501f292c18d3 272924 nodejs_18.20.4+
fsg.orig-ada.tar.xz
4cad22f4545483163b468271d06f425b15f1dcf0 267236 nodejs_18.20.4+
fsg.orig-types-node.tar.xz
a0c8b9acf0982e9010edb24542aa83d55e65fbde 29390728 nodejs_18.20.
+dfsg.orig.tar.xz
efebd919d4ae4873bbf9b2e3fe365fbba1574be9 169104 nodejs_18.20.4+
fsg-1~deb12u1.debian.tar.xz
a06f8fb211d32325e7550a6c5726ce90a5d7cc3b 511368 libnode-dev_18.
0.4+dfsg-1~deb12u1_amd64.deb
fd519d1ef11df91d34499f8430db078f3b5e680d 10626484 libnode108_18
20.4+dfsg-1~deb12u1_amd64.deb
6de046fe960c3ef0f49bea92ad732a874de4c2b5 3578752 nodejs-doc_18.
0.4+dfsg-1~deb12u1_all.deb
39febb2ce2af75dd635aef79d79346bb89cdfbc9 11456 nodejs_18.20.4+d
sg-1~deb12u1_amd64.buildinfo
f9d9f762e7a0c1bc96ab4db0b31c77ce8f14c62e 319312 nodejs_18.20.4+
fsg-1~deb12u1_amd64.deb
Checksums-Sha256:
e872fc45081a436c62539c035c6eefab2abd83e66fa2752ab1a6f4a477857a27 4359
nodejs_18.20.4+dfsg-1~deb12u1.dsc
b58fd8b7ef61255b66d42b66e32e74ccdde61c4e02facd6b5a566618e32e993e 272924
nodejs_18.20.4+dfsg.orig-ada.tar.xz
5bd8293f0adfb7bc744e3071bdbd184fd02f973931396ba816ff61514ecd62a9 267236
nodejs_18.20.4+dfsg.orig-types-node.tar.xz
6ce58062c71eae37d9c5ac31eeaeff9c2d48561d21c2849179d056c9c1bd9ebc 29390728
nodejs_18.20.4+dfsg.orig.tar.xz
bd8b2acac5b28e88c3a452246b9c49de3c59814d33eae46c28173cac6de7a3b7 169104
nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
b88033e2e6ea9d151f43c2f161c29989e09d8cbe6b8b8707b9c8a2bcb53f5674 511368
libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
6b65a9d012a8822964bdc7dd7dc35a277c10e371bf057b30c1e41dfad09d3b64 10626484
libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
001502044dbbe143c94c680f1b618df94c285c19c467b237f0afa5f5df3fec47 3578752
nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
35ca205c33791474e85a12e6ed2cda058d18669b20487e4daefc67ea0ee6d328 11456
nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
30571c0188b04916112205268ac0b2740f02abac0a4e807b1730ea7df81a650f 319312
nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb
Files:
d7a7712ea0fe9fdf293eed32e7a25ea8 4359 javascript optional nodej
_18.20.4+dfsg-1~deb12u1.dsc
774dbd4a3931a17737b3c27a7a67d587 272924 javascript optional nod
js_18.20.4+dfsg.orig-ada.tar.xz
8cabd2aa436c05f698a17368826a8645 267236 javascript optional nod
js_18.20.4+dfsg.orig-types-node.tar.xz
157a1ca8a7c3ca2465402e0326511581 29390728 javascript optional n
dejs_18.20.4+dfsg.orig.tar.xz
6684db37386ed58a59c99a8756add91a 169104 javascript optional nod
js_18.20.4+dfsg-1~deb12u1.debian.tar.xz
88989532bbf115aad8ee46e271f522cb 511368 libdevel optional libno
e-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
df9ac0656df9e964ca6f0f29701aefaa 10626484 libs optional libnode
08_18.20.4+dfsg-1~deb12u1_amd64.deb
08e8da385d41c4c314309d40eac83432 3578752 doc optional nodejs-do
_18.20.4+dfsg-1~deb12u1_all.deb
4c5db4b673a6f4c378fd78537a8c770b 11456 javascript optional node
s_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
1e3bafbcaa5373d15fc73826cbe35483 319312 javascript optional nod
js_18.20.4+dfsg-1~deb12u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmirp4MSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0suUQAIFsFTYVeSbUQ6e/MJET2W4mdOPUhg40
ZKqLAzBEkvYc8Qm+lAHfZpeNnG2b3ETf5CInjlKFt7ZV9yTdxVnpZslx1TEAk8r2
uBQzDZRogPJZGgfg7df3BgQ2/labolsSiwLGdtuHS3pbhy1G9cPPjHnSQ8OXM9UX
qE9Gxz6kMXdnHwWPdkJVNiGY819K6r5w4d+YwsEgEVMbMkukoXnGpG2ODI4/Jnjj
Eww8OdKJNgA8smRzUFNW1kAN3a+xeL100FIphQ171Lm+YwxCieVI8rkFq37d1nBd
PYGVx0iBW6fLJq59sHeTV2MpYQFVkRSGpt86UKv/dx/hrl6y6hM2VBmDa/IuMC3F
5XBkp/YlhXAIK0sFE9fHXeHccg0T+bOGhaakHBNskuLTZmj2tT5qr+hGXfcA4fDI
Cw1kpGsxPKxd8NbttCmIH2Rb5Oa7vjcPGpJy752D6CL8Hp2Z8SMLqyetgk2cIecD
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
