-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 07 Jan 2023 19:27:55 +0800 Source: nodejs Architecture: source Version: 12.22.12~dfsg-1~deb11u2 Distribution: bullseye-security Urgency: high Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net> Changed-By: Aron Xu <aron@debian.org> Changes: nodejs (12.22.12~dfsg-1~deb11u2) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Backport upstream fix for: - CVE-2022-32212, CVE-2022-43548: IsAllowedHost check bypass - CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35256: several HTTP Request Smuggling (HRS) in llhttp parser. - CVE-2022-35255: better randomness setup V8:EntropySource() Checksums-Sha1: 9661296cc3bb3c6529a2f7a5f0abee65fc837b58 3135 nodejs_12.22.12~dfsg-1~deb11u2.dsc e098113fab456f74d311bf77a086490351ecf37a 150420 nodejs_12.22.12~dfsg-1~deb11u2.debian.tar.xz e27da2fcb8ccde4348991d7c4f5d68471d7d9ad6 6969 nodejs_12.22.12~dfsg-1~deb11u2_source.buildinfo Checksums-Sha256: cd02f25a886be794df8ab4941bebbc48247a866692d907a925b3502ba5f582c1 3135 nodejs_12.22.12~dfsg-1~deb11u2.dsc 9ff180c488dc835abcd4ce26c9856f8a99c42029211c9cf786b46eeaf0968e9d 150420 nodejs_12.22.12~dfsg-1~deb11u2.debian.tar.xz d784fa93b7195886e2ae298ecd3653cb0a2ead5670eaec8db2d2c046b25ca231 6969 nodejs_12.22.12~dfsg-1~deb11u2_source.buildinfo Files: b05f49f750f64d38d810003823c23c5d 3135 javascript optional nodejs_12.22.12~dfsg-1~deb11u2.dsc eb72460c512ef8bbcb9d60d72d9380c9 150420 javascript optional nodejs_12.22.12~dfsg-1~deb11u2.debian.tar.xz 80160ffc878fafbcd91ffa246a52bfa9 6969 javascript optional nodejs_12.22.12~dfsg-1~deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPIy8UACgkQO1LKKgqv 2VSGkAf/XykNp5UwiDqDFxiYieLhaTYYziF3SzGBesRzvH5onYHeaToJ97iau1Sn jdcM8vx45A17nYjxxoHeHZyp96ZHXKDwTuJDeQ0yqFnbMfs0uOKU3aWGG8ZgEEjx TpYhp9VvyVRKDEr6k0c8e+QD+1emmI3h8YFZFsfewK3S7gxNigAd1+hGFfN/1rtm G3otKU1hV8wZz88/vtMihZzHmFmuuC3f2qoo+KOODBmOAxOjWHeuf9NFEyCXbp7a vhng4WQMGue8pxpx4NGBk7lS1uQ+9rpQSeQHxzoRhDD0K8cVaol0A0MvHcqGRGLq 6I3TXBHvmnuWL8zB9V6LvHvhBXCc7A== =jSGZ -----END PGP SIGNATURE-----