Format: 1.8
Date: Tue, 26 Mar 2024 00:54:55 +0100
Source: nodejs
Architecture: source
Version: 10.24.0~dfsg-1~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1039990 1064055
Changes:
 nodejs (10.24.0~dfsg-1~deb10u4) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * d/p/CVE-2022-32212.patch: Also backport upstream commit a1121b456c
     (unit tests).
   * Fix DNS unit tests which caused FTBFS in some build environments.
   * CVE-2023-30590: Documentation change for generateKeys() API function to
     align on the actual behavior, that is, only generate a private key if
     none has been set yet. (Closes: #1039990)
   * CVE-2023-46809: Marvin Attack vulnerability in the privateDecrypt() API
     of the crypto library. This is a timing variant of the Bleichenbacher
     attack against PKCS#1 v1.5 padding. The fix disables RSA_PKCS1_PADDING
     and includes a security revert flag that can be used to restore support
     (and the vulnerability). (Closes: #1064055)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding.