Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted nodejs 12.22.12~dfsg-1~deb11u1 (source) into proposed-updates
Date: Sat, 18 Feb 2023 17:47:38 +0000
Signed by: Jérémy Lal <kapouer@melix.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jun 2022 00:01:12 +0200
Source: nodejs
Architecture: source
Version: 12.22.12~dfsg-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Changes:
 nodejs (12.22.12~dfsg-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 12.22.12
     Fixes a shutdown crash in Node-API (formerly N-API) and
     a potential stack overflow when using vm.runInNewContext().
   * Backport upstream fix for test_dns_lookupService_promises.js
     to pass also when /etc/services is not installed.
   * New upstream version 12.22.9
     + CVE-2021-44532: Certificate Verification Bypass
       via String Injection (Medium)
     + CVE-2021-44533: Incorrect handling of certificate subject
       and issuer fields (Medium
     + CVE-2022-21824: Prototype pollution via console.table
       properties (Low)
   * New upstream version 12.22.7
     + CVE-2021-22959: HTTP Request Smuggling due to
       spaced in headers (Medium)
     + CVE-2021-22960: HTTP Request Smuggling
       when parsing the body (Medium)
Checksums-Sha1:
 4596647db82e451dc7aea58ee9d413121bd369c5 3505 nodejs_12.22.12~dfsg-1~deb11u1.dsc
 1fef218bb8d9f06059919565b50cc122dc10cebb 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz
 502cfe0a9691d3974ca79e9f82aa4eed6eb24380 19005908 nodejs_12.22.12~dfsg.orig.tar.xz
 ae0b942805e1421d33d2b6804328573d6769c873 136992 nodejs_12.22.12~dfsg-1~deb11u1.debian.tar.xz
 fb45c81723206e1994ed8da77de544f1974e94c2 10298 nodejs_12.22.12~dfsg-1~deb11u1_source.buildinfo
Checksums-Sha256:
 10cc3933f64cde21071c63d23d1b4df9dc0de29f135bd192809f41d723f082d4 3505 nodejs_12.22.12~dfsg-1~deb11u1.dsc
 e640dd32d922eed23cd5dabf56600cfd335ea5ce3c756dc96024adebf94555f8 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz
 06f8eb29e52d5eb720c4ae2316b3c1b71efb12aa73bf27138f1cc776a7315aff 19005908 nodejs_12.22.12~dfsg.orig.tar.xz
 383c86b7f5d537f715e8449656a4841a27443d5ec6c57afe82451db4fb3824aa 136992 nodejs_12.22.12~dfsg-1~deb11u1.debian.tar.xz
 5caf10f9eebd3b4d6ad53d672e1b1b0d13bed4557d062e0c11390c393c4cc293 10298 nodejs_12.22.12~dfsg-1~deb11u1_source.buildinfo
Files:
 1231a7a3b118013531c81226fbb1319f 3505 javascript optional nodejs_12.22.12~dfsg-1~deb11u1.dsc
 b3dc69de461763b2918b81ef426fe0ff 87112 javascript optional nodejs_12.22.12~dfsg.orig-types-node.tar.xz
 effb4e471c3cf4c7184d357a38985c56 19005908 javascript optional nodejs_12.22.12~dfsg.orig.tar.xz
 74ea416f392aab77619ddedf6da63838 136992 javascript optional nodejs_12.22.12~dfsg-1~deb11u1.debian.tar.xz
 110b89dfccbc3df004a717c5404ad379 10298 javascript optional nodejs_12.22.12~dfsg-1~deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmK5XPMSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0nCwQALG4URDn7Tzj4RL3S8ixLErHbWcN5/C3
+F1mmRcp/JcfpN2R032AIfIDkhwnDGAZxa15efg0xZwanqi+RldtaW5kDLoD5Xti
I84WUmsfV1G5P1rPckPbExFWZZw3sKIodria4RxAd+m5B/bloCVDKXPlRNl1ksRK
31q+DM40IzZHIfme41IXS2Y2Upc3WNXcBM1bzJSjk8LGbFB+ig+MRItKONJqa15Y
g7wXlQ5PWmuOuv05CB1+HhRv4uuhQBm5tlTxX5VWVrJrqI4mcrU44M6ksqqSMPR/
uqpIs3O+WOj/HQ51WgnjMAm9/C4faVsvnBta6WIAzGmHk/7x4xhX1k/mRoTNDSaf
CsgYUmwUC+T+AIsAO3Gnhf5oWI4Zgb1wswsP8mgVWHCL+LH4rYA1ZZwvjy+IEyjA
2fTiK4U0soQf+VECfvjRRlgzjdFQFmnb/BDERijs7Oz7ighlyZnK62XXxFVqqPLt
6OwSPChxhp/nmMo1zMKdrPqXAOo+9xrWOS2k+/OOJFi9AI1q/G6XseJGpBSt8Jhe
9SeXyzpXPUjCF4aholoeV4kUbMQUbbnR6RqGItnX0BtwlN9lPtWbRUFYRvzx2S2t
qiYKnyjFTHz1AZbO2NOowhj47ItvM3QjOgr4wnVDsNWkEBBPOT8p1+cJ2UOl/3hF
kbLN6qZ3vSIv
=4r98
-----END PGP SIGNATURE-----
News for package nodejs
