-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Nov 2023 18:15:44 +0100
Source: nodejs
Architecture: source
Version: 18.13.0+dfsg1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1031834 1039990 1050739 1052470 1054892 1055416
Changes:
 nodejs (18.13.0+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Adapt testsuite failures in test-crypto-dh since OpenSSL 3.0.12/3.1.4
     (Closes: #1055416).
   * Adapt testsuite failures due to TLSv < 1.1 available only at seclevel 0
     (Closes: #1052470).
   * CVE-2023-23919 (Node.js OpenSSL error handling issues in nodejs crypto
     library). (Closes: #1031834).
   * CVE-2023-23920 (Node.js insecure loading of ICU data through ICU_DATA
     environment variable) (Closes: #1031834).
   * CVE-2023-30590 (DiffieHellman do not generate keys after setting a
     private key) (Closes: #1039990).
   * CVE-2023-30589 (HTTP Request Smuggling via Empty headers separated by
     CR) (Closes: #1039990).
   * CVE-2023-30588 (Process interruption due to invalid Public Key
     information in x509 certificates) (Closes: #1039990).
   * CVE-2023-32559 (Permissions policies can be bypassed via
     process.binding) (Closes: #1050739).
   * CVE-2023-30581 (mainModule.proto bypass experimental policy mechanism)
     (Closes: #1039990).
   * CVE-2023-32002 (Permissions policies can be bypassed via Module._load)
     (Closes: #1050739).
   * CVE-2023-32006 (Permissions policies can impersonate other modules in
     using module.constructor.createRequire()) (Closes: #1050739).
   * CVE-2023-38552 (Integrity checks according to policies can be
     circumvented) (Closes: #1054892).
   * CVE-2023-39333 (Code injection via WebAssembly export names)
     (Closes: #1054892).
Checksums-Sha1:
 dcaebed33f6dcc4676e2de5744eedd113a8b896f 3893 nodejs_18.13.0+dfsg1-1.1.dsc
 40afec3b105abf5f5103060af70a3b92c4fe3133 193396 nodejs_18.13.0+dfsg1-1.1.debian.tar.xz
Checksums-Sha256:
 28f1b461b19098a6c8a7918fa1e233350160c429dcfd5d5859d9e510948048c2 3893 nodejs_18.13.0+dfsg1-1.1.dsc
 3bef0de67aa1831dc43fdda99f314cdb7b13361d3d3b34a88dd5df8b6e3cf23d 193396 nodejs_18.13.0+dfsg1-1.1.debian.tar.xz
Files:
 7e942e84e0e8b3acebaa5ea6ca48aa49 3893 javascript optional nodejs_18.13.0+dfsg1-1.1.dsc
 2a6f98d11292e933c2d0f2fc486ce3b1 193396 javascript optional nodejs_18.13.0+dfsg1-1.1.debian.tar.xz