Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted nodejs 10.24.0~dfsg-1~deb10u3 (source) into oldstable
Date: Sat, 25 Feb 2023 21:10:21 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Feb 2023 01:29:22 +0100
Source: nodejs
Architecture: source
Version: 10.24.0~dfsg-1~deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1023518 1031834
Changes:
 nodejs (10.24.0~dfsg-1~deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-43548: OS Command Injection vulnerability due to insufficient
     `IsAllowedHost` check. Closes: #1023518.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment
     variable. Node.js now builds with ICU_NO_USER_DATA_OVERRIDE to avoid this.
     Closes: #1031834.
Checksums-Sha1:
 0d399408794fb3805484a599d650164e40eaa76d 3032 nodejs_10.24.0~dfsg-1~deb10u3.dsc
 b1bfcfc5c9bd0ac1fdcc9f0fbbee9da50c359add 114168 nodejs_10.24.0~dfsg-1~deb10u3.debian.tar.xz
 df102088033efbb9186298a83a2891588cab371d 9406 nodejs_10.24.0~dfsg-1~deb10u3_amd64.buildinfo
Checksums-Sha256:
 47fcb84d27a4af7acd81873ad06e9cd1c5a584313a23d15997e0caa99d5d1cc8 3032 nodejs_10.24.0~dfsg-1~deb10u3.dsc
 0d311e581975744b18713069c2fe1524230e17e61537e57a9fd7dd57928879ac 114168 nodejs_10.24.0~dfsg-1~deb10u3.debian.tar.xz
 1b519d45de7b08df39b1c6dc76691ad02ef8b4222b6bda0862289cf126761dbe 9406 nodejs_10.24.0~dfsg-1~deb10u3_amd64.buildinfo
Files:
 74d2e5dd9446f8b7b82e44e189bfd41b 3032 javascript optional nodejs_10.24.0~dfsg-1~deb10u3.dsc
 8e3410b96ae5493527c19f3265996570 114168 javascript optional nodejs_10.24.0~dfsg-1~deb10u3.debian.tar.xz
 7624f0daa570a7d6f95992a308f8a412 9406 javascript optional nodejs_10.24.0~dfsg-1~deb10u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmP5adwACgkQ05pJnDwh
pVI6sBAAw4P1Wl/YtLfLHYX7dzHYf6p7Z1Naoo7NNsZJ70EUXhvvZ9/V0BAI82xn
WcyR17hII35O1a049Mx4KdWoj9tQO5QIrsXdZnR97hp8l8+KKHEkUXxsYOWdzDsv
jD3+hmdd60rivGTokWBxGKstPA8IO8ZZhVxmbSfsjBrQ2fwhvSAlLUbz+vyHJwga
UNmUMOm/+uVQm/CyaKtl/8Y0LZz4z8Gs6WUEEhMpp/9vsKmaypbQ7SGMRqH+4Y4M
gffuK2d2G6E1UXyfsgDkzrSLY/8Ze6zl/DJjIA0+DFK5XDbjdOjz+6IlwRDyULbd
IO/4MmgjLF7tXIGyq09jNbYac/2ZFMBmLvq7I5B0p+SjSnLuLCRuuBXU4clVokNx
VD3zF5tsN0/DGEUPiRwsO0QDQnEmACMc4q2fvYWF00XuZqZO6DZeUlA2uq/mrA2r
+O5VESwpVJthCh+W6HyV8qaNAaX/AuQE+HUw5SOnAGJ3e3D0lybnHesXQcH14YOh
NypO4jSMre9QumJ89G0CpOOnE0aQvS7onGFwbTkXFh9Y8AuWMQaWX8D9K7uJo/ns
Z9iq7GB1KKZon7/XRb3H1qLY4Elhxdn+pNUMaADldm5Vcs5+IESz0pgEf8TpjjDS
W8hKSJp+0kHy6ezxkzfX0JpW0nbsopvASoFPzcK1ooVeDKWwl7c=
=OlrX
-----END PGP SIGNATURE-----

News for package nodejs