[Pkg-javascript-devel] nodejs_18.20.4+dfsg-1~deb12u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Aug 29 19:45:42 BST 2025 

Thank you for your contribution to Debian.

Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 nodejs nodejs-doc
Architecture: source amd64 all
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer at melix.org>
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs     - evented I/O for V8 javascript - runtime executable
 nodejs-doc - API documentation for Node.js, the javascript platform
Closes: 922075 1074047 1076350 1086652
Changes:
 nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 18.20.4+dfsg. Closes: #1074047.
   * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
     for compatibility with other packages.
   * test-runner-output is flaky on slow platforms
   * Disable test-cluster-primary-* flaky/hanging tests.
   * Fix test failing with openssl 3.0.14. Closes: #1086652.
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session()
     leads to HTTP/2 server crash (High)
   * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
   * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
     brotli decoding (Medium)
   * CVE-2024-21892: Code injection and privilege escalation
     through Linux capabilities (High)
   * CVE-2024-22019: Reading unprocessed HTTP request with
     unbounded chunk extension allows DoS attacks (High)
   * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
   * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
     Thanks to Bastien Roucariès.
Checksums-Sha1:
 76413b35260e2bb56588e68654d5e54a186a1740 4359 nodejs_18.20.4+dfsg-1~deb12u1.dsc
 4e580579ef4a73cf6ab060c74433501f292c18d3 272924 nodejs_18.20.4+dfsg.orig-ada.tar.xz
 4cad22f4545483163b468271d06f425b15f1dcf0 267236 nodejs_18.20.4+dfsg.orig-types-node.tar.xz
 a0c8b9acf0982e9010edb24542aa83d55e65fbde 29390728 nodejs_18.20.4+dfsg.orig.tar.xz
 efebd919d4ae4873bbf9b2e3fe365fbba1574be9 169104 nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
 a06f8fb211d32325e7550a6c5726ce90a5d7cc3b 511368 libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
 fd519d1ef11df91d34499f8430db078f3b5e680d 10626484 libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
 6de046fe960c3ef0f49bea92ad732a874de4c2b5 3578752 nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
 39febb2ce2af75dd635aef79d79346bb89cdfbc9 11456 nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
 f9d9f762e7a0c1bc96ab4db0b31c77ce8f14c62e 319312 nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb
Checksums-Sha256:
 e872fc45081a436c62539c035c6eefab2abd83e66fa2752ab1a6f4a477857a27 4359 nodejs_18.20.4+dfsg-1~deb12u1.dsc
 b58fd8b7ef61255b66d42b66e32e74ccdde61c4e02facd6b5a566618e32e993e 272924 nodejs_18.20.4+dfsg.orig-ada.tar.xz
 5bd8293f0adfb7bc744e3071bdbd184fd02f973931396ba816ff61514ecd62a9 267236 nodejs_18.20.4+dfsg.orig-types-node.tar.xz
 6ce58062c71eae37d9c5ac31eeaeff9c2d48561d21c2849179d056c9c1bd9ebc 29390728 nodejs_18.20.4+dfsg.orig.tar.xz
 bd8b2acac5b28e88c3a452246b9c49de3c59814d33eae46c28173cac6de7a3b7 169104 nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
 b88033e2e6ea9d151f43c2f161c29989e09d8cbe6b8b8707b9c8a2bcb53f5674 511368 libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
 6b65a9d012a8822964bdc7dd7dc35a277c10e371bf057b30c1e41dfad09d3b64 10626484 libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
 001502044dbbe143c94c680f1b618df94c285c19c467b237f0afa5f5df3fec47 3578752 nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
 35ca205c33791474e85a12e6ed2cda058d18669b20487e4daefc67ea0ee6d328 11456 nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
 30571c0188b04916112205268ac0b2740f02abac0a4e807b1730ea7df81a650f 319312 nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb
Files:
 d7a7712ea0fe9fdf293eed32e7a25ea8 4359 javascript optional nodejs_18.20.4+dfsg-1~deb12u1.dsc
 774dbd4a3931a17737b3c27a7a67d587 272924 javascript optional nodejs_18.20.4+dfsg.orig-ada.tar.xz
 8cabd2aa436c05f698a17368826a8645 267236 javascript optional nodejs_18.20.4+dfsg.orig-types-node.tar.xz
 157a1ca8a7c3ca2465402e0326511581 29390728 javascript optional nodejs_18.20.4+dfsg.orig.tar.xz
 6684db37386ed58a59c99a8756add91a 169104 javascript optional nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
 88989532bbf115aad8ee46e271f522cb 511368 libdevel optional libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
 df9ac0656df9e964ca6f0f29701aefaa 10626484 libs optional libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
 08e8da385d41c4c314309d40eac83432 3578752 doc optional nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
 4c5db4b673a6f4c378fd78537a8c770b 11456 javascript optional nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
 1e3bafbcaa5373d15fc73826cbe35483 319312 javascript optional nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmirp4MSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0suUQAIFsFTYVeSbUQ6e/MJET2W4mdOPUhg40
ZKqLAzBEkvYc8Qm+lAHfZpeNnG2b3ETf5CInjlKFt7ZV9yTdxVnpZslx1TEAk8r2
uBQzDZRogPJZGgfg7df3BgQ2/labolsSiwLGdtuHS3pbhy1G9cPPjHnSQ8OXM9UX
qE9Gxz6kMXdnHwWPdkJVNiGY819K6r5w4d+YwsEgEVMbMkukoXnGpG2ODI4/Jnjj
Eww8OdKJNgA8smRzUFNW1kAN3a+xeL100FIphQ171Lm+YwxCieVI8rkFq37d1nBd
PYGVx0iBW6fLJq59sHeTV2MpYQFVkRSGpt86UKv/dx/hrl6y6hM2VBmDa/IuMC3F
5XBkp/YlhXAIK0sFE9fHXeHccg0T+bOGhaakHBNskuLTZmj2tT5qr+hGXfcA4fDI
Cw1kpGsxPKxd8NbttCmIH2Rb5Oa7vjcPGpJy752D6CL8Hp2Z8SMLqyetgk2cIecD
19EsYhu9yn9cZr+TG55sIVNS2rqFCidjFJj5Er463jVkIdet6uN9qB0xRu4N1ep0
vZadXt7ghQC4aOc2gDRVMXRrf3n8tJMeh6ZwmixbCYx8jp0NOzZXy36TKb4oTHtr
0LmbJq561xkUFwgIgI6e62g0fhEdRpRToy5jp2Ka8mwi9KqvLTPziBYjMMRrH/MX
zIX9PoGePwkC
=6PZ8
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250829/5152af5f/attachment.sig>

More information about the Pkg-javascript-devel mailing list