[Pkg-javascript-devel] nodejs_18.13.0+dfsg1-1.1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Nov 22 19:06:38 GMT 2023 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Nov 2023 18:15:44 +0100
Source: nodejs
Architecture: source
Version: 18.13.0+dfsg1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Closes: 1031834 1039990 1050739 1052470 1054892 1055416
Changes:
 nodejs (18.13.0+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Adapt testsuite failures in test-crypto-dh since OpenSSL 3.0.12/3.1.4
     (Closes: #1055416).
   * Adapt testsuite failures due TLSv < 1.1 available only at seclevel 0
     (Closes: #1052470).
   * CVE-2023-23919 (Node.js OpenSSL error handling issues in nodejs crypto
     library). (Closes: #1031834).
   * CVE-2023-23920 (Node.js insecure loading of ICU data through ICU_DATA
     environment variable) (Closes: #1031834).
   * CVE-2023-30590 (DiffieHellman do not generate keys after setting a private
     key) (Closes: #1039990).
   * CVE-2023-30589 (HTTP Request Smuggling via Empty headers separated by CR)
    (Closes: #1039990).
   * CVE-2023-30588 (Process interuption due to invalid Public Key information
     in x509 certificates) (Closes: #1039990).
   * CVE-2023-32559 (Permissions policies can be bypassed via process.binding)
     (Closes: #1050739).
   * CVE-2023-30581 (mainModule.proto bypass experimental policy mechanism)
     (Closes: #1039990).
   * CVE-2023-32002 (Permissions policies can be bypassed via Module._load)
     (Closes: #1050739).
   * CVE-2023-32006 (Permissions policies can impersonate other modules in
     using module.constructor.createRequire()) (Closes: #1050739).
   * CVE-2023-38552 (Integrity checks according to policies can be
     circumvented) (Closes: #1054892).
   * CVE-2023-39333 (Code injection via WebAssembly export names)
     (Closes: #1054892).
Checksums-Sha1:
 dcaebed33f6dcc4676e2de5744eedd113a8b896f 3893 nodejs_18.13.0+dfsg1-1.1.dsc
 40afec3b105abf5f5103060af70a3b92c4fe3133 193396 nodejs_18.13.0+dfsg1-1.1.debian.tar.xz
Checksums-Sha256:
 28f1b461b19098a6c8a7918fa1e233350160c429dcfd5d5859d9e510948048c2 3893 nodejs_18.13.0+dfsg1-1.1.dsc
 3bef0de67aa1831dc43fdda99f314cdb7b13361d3d3b34a88dd5df8b6e3cf23d 193396 nodejs_18.13.0+dfsg1-1.1.debian.tar.xz
Files:
 7e942e84e0e8b3acebaa5ea6ca48aa49 3893 javascript optional nodejs_18.13.0+dfsg1-1.1.dsc
 2a6f98d11292e933c2d0f2fc486ce3b1 193396 javascript optional nodejs_18.13.0+dfsg1-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmVeThAACgkQBWQfF1cS
+luFTAv/X+K/+6VVXsEJfu17fR8JCt2wwc55rQ/Za6rCIDpgWgIvwrxeMHdNTr0f
TmK5eEIhjZ2kL4y2CNhuBt2Hdmpa526RGdTmfgDxVop7VGFTamr9o3NQvrx6EaO3
AJhVRG6VGvVpPXBeVAdraXQWaTj+oda1idZf7Aw5/VdT3h+n4/do7XQtQJBlJFvG
TQSUq7PtGi3qJ9Pje1P0JQcIPPONsgqG18JHXlBPvWkoyah91YdGcsTyxTX1k241
l1Vb83HLSUU24xxk58oGJ7NAX82BDHGGxhgpDSm17sjlqjNtRdjPaUqAi+lyVohg
l1GppruqQYk80iG6Fgo1x5ew/XsTe+ger2kypJhcTIGwB6PlhTif/6J/ukwvln0p
F+I8Gd3ftj+U9CrfUDQfvh65k1wIJYVlb/97RQDZZNHZWQRlTc8QL++68aWImc7g
nSJ5DSSlLQHWb7z0+oQN4B4iQukAGo2iRoMlTbZYwedAEihClslofbAU2CGZCd44
eNLNnOX/
=7nMl
-----END PGP SIGNATURE-----

More information about the Pkg-javascript-devel mailing list