Format: 1.8
Date: Tue, 09 Jul 2024 10:02:04 +0200
Source: nodejs
Architecture: source
Version: 20.15.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Changes:
 nodejs (20.15.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 20.15.1+dfsg
   * Fix watch file to ensure ada 2.7.8
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-22018: fs.lstat bypasses permission model (Low)
   * CVE-2024-36137: fs.fchown/fchmod bypasses permission model (Low)
   * CVE-2024-37372: Permission model improperly processes UNC paths (Low)
   * Add another failing test to loong64/mips64el