-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 16 Sep 2020 14:59:04 +0200 Source: nodejs Architecture: source Version: 12.18.4~dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net> Changed-By: Jérémy Lal <kapouer@melix.org> Changes: nodejs (12.18.4~dfsg-1) unstable; urgency=high . * New upstream version 12.18.4~dfsg Vulnerabilities fixed: + CVE-2020-8201 HTTP Request Smuggling due to CR-to-Hyphen conversion (High) + CVE-2020-8252 fs.realpath.native on may cause buffer overflow (Medium) Checksums-Sha1: 0308f86ce875967fe22c0e02d0d222d0c43f4149 3161 nodejs_12.18.4~dfsg-1.dsc bf86a7d9ee3adcca51a8157b1bdf8aa41ec9fa02 18197180 nodejs_12.18.4~dfsg.orig.tar.xz 13cb40f64499f816d974282decd1ca2bd553f5f2 132840 nodejs_12.18.4~dfsg-1.debian.tar.xz bacf620f530f365cfa81f47ff30a68f44d6510e5 7940 nodejs_12.18.4~dfsg-1_source.buildinfo Checksums-Sha256: 206626d3c89bfd8df24caeb90e04eb8344d3f7f59417b7b05d9aff25fb719708 3161 nodejs_12.18.4~dfsg-1.dsc 7cefcb3b0c2a79db6f08b52c5eff115a71f867e81c606ada5994d7afc653edd2 18197180 nodejs_12.18.4~dfsg.orig.tar.xz c60e2f3fc83998b1f72926aec23a49147afce621bd444b799d2f85ecb3745b87 132840 nodejs_12.18.4~dfsg-1.debian.tar.xz ed2185d0a23078ebb55d91d27b0402d2978d8ce8bc9608672904a142e0960ac0 7940 nodejs_12.18.4~dfsg-1_source.buildinfo Files: a4bc281f2d95e672ed09556081a756ef 3161 javascript optional nodejs_12.18.4~dfsg-1.dsc 14c340a0a9b3b6355c24781cedb6ab84 18197180 javascript optional nodejs_12.18.4~dfsg.orig.tar.xz 5f5bc811d445ddfd82da70986ac8e6ca 132840 javascript optional nodejs_12.18.4~dfsg-1.debian.tar.xz 9f5466dbbac524e2b125961f0b280d43 7940 javascript optional nodejs_12.18.4~dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAl9iJHYSHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN0fwsQAJcfEZslzADcexDsKhFMVtRQHN0X6aOQ uWjf/SjlvxtZWj4jzv7dEk3JVm0KooycI9Mzy5TJgt1bRbpn4OkYl5tLggHaAQP+ inVFTxeZNdW4lkE08M+PtWkh4akNbI5W+BU+HVvrCM79oCLToIVB5qnA3QbAnoKL gAMO98e7W6/dTggDFtRpYksS4eZmtdcmW7KOn+oynnpiIhh0OjT/qIvyYQJ9HXht 15SC2T7+gd1OtXb+nTgq9SCMoOU1BdhvzGqwtcsYk0kYypacPAWZki+WDbvQ9g8u lBVo3nobGoYbijyuE012HptlqRl6PJsXreFDyY0bhxiqg5BwEPC8PioC3OFeuWaP 4Km2jd/loXXG3B0gNIungV/9fopekLhWTj7brz/Rmr0Dy0nhZXW4xrssH4RC2OdD Ij81z7l6NRsEyDFufqsHwJARd6lJdnWiF8OuLvRm09EJcHc+NpcuyyhfpErR0NJS AryzhTry4lOda4TZJNPrRpJLlT5quJndssj42IY7Lfn+t2+jxIkV0umYMX3T7aAc gcBvw/AjhFfiBfD8fWyZ20h5wcVBNx3HvTu30xaKcHKG2YOFIrXk8fy29hj0Pb2j l48q+XqnwQKLJ0HPCMgbIB5ar9MeD1nk/6mZzMbXkCuSFgWHkyw/kRPAHEYfy64/ t7bMiQ0CNCk8 =7KEh -----END PGP SIGNATURE-----