-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 18 Feb 2024 18:12:23 +0100 Source: nodejs Architecture: source Version: 18.19.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net> Changed-By: Jérémy Lal <kapouer@melix.org> Closes: 1059168 1064055 Changes: nodejs (18.19.1+dfsg-1) unstable; urgency=medium . * New upstream version 18.19.1. Closes: 1064055. + CVE-2024-21892 (High) Code injection and privilege escalation through Linux capabilities + CVE-2024-22019 (High) Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks + CVE-2023-46809 (Medium) Marvin Attack vulnerability against PKCS#1 v1.5 padding * new architecture: loong64, thanks to Shi Pujin * patch: + let loong64 have some failing tests + more doc for localhost-no-addrconfig + allow test-debugger-heap-profiler to fail. Closes: #1059168 + disable zlib embedding in v8, disable snapshot compression * override lintian source warning for zlib brotli test string * fix boostrapping of nodejs package: + update README.source + nodoc: disable bash completion output + patch: disable shared builtins when flag node-builtin-modules-path is used * include permission headers in libnode-dev * B-D pkg-config becomes pkgconf Checksums-Sha1: 0d0de63a10ea082a473f677af1b9a6be2b066337 4356 nodejs_18.19.1+dfsg-1.dsc 2540b9b84f230689afcbf507a307d46d4ef2a411 269724 nodejs_18.19.1+dfsg.orig-ada.tar.xz 4cad22f4545483163b468271d06f425b15f1dcf0 267236 nodejs_18.19.1+dfsg.orig-types-node.tar.xz c2d954a215b417e858e4750e687ef180333790a9 28802788 nodejs_18.19.1+dfsg.orig.tar.xz 2f4699c23c652a71ae581b2b187756cb5c1fbd8b 163300 nodejs_18.19.1+dfsg-1.debian.tar.xz 3451db4d91e2c65cf28d19c0f87495368ea19621 10959 nodejs_18.19.1+dfsg-1_source.buildinfo Checksums-Sha256: 7c5c6b0b6916f1be0abd263ba06fbfa5328dd4d5a4760bd20e1c6ba9b9daf481 4356 nodejs_18.19.1+dfsg-1.dsc 0c3caa8771a2bc6ac5d32912d07383dcae8a0cf145ed6f7017cbf6b41478acd2 269724 nodejs_18.19.1+dfsg.orig-ada.tar.xz 5bd8293f0adfb7bc744e3071bdbd184fd02f973931396ba816ff61514ecd62a9 267236 nodejs_18.19.1+dfsg.orig-types-node.tar.xz 85e2a8604269306984d0c7cc3cdc028dc654d9a60c42a0e059e0104430732c61 28802788 nodejs_18.19.1+dfsg.orig.tar.xz fefe4bf79bb4b41e12907e2714d868a660df900a56453f48f60927ee189c6b13 163300 nodejs_18.19.1+dfsg-1.debian.tar.xz 0720d16be5186b44d49515226ed9bfc92471bfeb0d48b5bc525d2aaf6d0cd197 10959 nodejs_18.19.1+dfsg-1_source.buildinfo Files: 37afa2914e24e18a5282cb08d8b6ebe9 4356 javascript optional nodejs_18.19.1+dfsg-1.dsc 327a080764e93ab10a593efba5b84fd3 269724 javascript optional nodejs_18.19.1+dfsg.orig-ada.tar.xz 8cabd2aa436c05f698a17368826a8645 267236 javascript optional nodejs_18.19.1+dfsg.orig-types-node.tar.xz 275b47ffe6863d3d98cda579aacea9ca 28802788 javascript optional nodejs_18.19.1+dfsg.orig.tar.xz 9da9e0d945e8f74fad9bd4c29a9268a3 163300 javascript optional nodejs_18.19.1+dfsg-1.debian.tar.xz 0c1e17b2f5b5d3df67a160bacd739fea 10959 javascript optional nodejs_18.19.1+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmXSQmsSHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN08GAP/0PFaphVoQJE3bnGvgKxBHk3T7ldx8Ta 1jlMZ4E8HGeDkgFpl0nu3NmnFTSkt7NGWypUbq23KbYCGjNvr+n2I+O4ntnsAAPH co/FhcYw+SvAIUt6nMldr8N6e8U7N9i64lEdDwUN+Ry/rrdYJqpX9xDOu0N2VNZ3 m9X/Q5JE/NMgv5wRTRdnMfdUVN7QCqvx7rs4N2W9VXsPWTqHNMtbwV2wqVxPmYBH YQlL/LRfQkEscZBfQopOTHMJyWLFRHko8+AR+/Gh8J4VnPqH2Ej9rLgqgjFWFt5m mNHfmstZk2QVhIRkXvg0fsdkPIFBKTwyfVTbAc6lR/viJPG7KyfqS36qBm0BLiBt rP2UHy/I21hV9bgkebB+kXYkWT8GhtQ6VthhcLhP3lXkyj7ElyQxOG1CcQFbFXEK yWp4JFhGRdHHuoSAlvOd3MeaMaZo59PdOGE3JQ1ogTmBn/F6iPWiqkyyQ6ovd/yz olp0CaQq17X8BRs2R3PxLPQLa9BkgBPASVH/4VZZGALqBYBN3T8R5uf36/Ps43X0 cpBZONFM64oXv+/I8sGqvrrJxZzDWtGokUuttEoOawYOKtlMbAIzpomaP0PV1HY3 uaSxijm+4JxVO/E1wudoRLSc8JRKTk845+iYCo/x2VSNgwKYFduy6fFgKcX4exBC q5ZjeQbicfqY =ETPI -----END PGP SIGNATURE-----
Attachment:
pgpgsitMYxGb5.pgp
Description: PGP signature