-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 23 Feb 2025 23:47:30 +0000 Source: nodejs Architecture: source Version: 12.22.12~dfsg-1~deb11u6 Distribution: bullseye-security Urgency: medium Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net> Changed-By: Bastien Roucariès <rouca@debian.org> Closes: 1094134 Changes: nodejs (12.22.12~dfsg-1~deb11u6) bullseye-security; urgency=medium . * Non maintainer upload by LTS team * Fix CVE-2025-23085 (Closes: #1094134) A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. Checksums-Sha1: 6ff11deaa11b6cdf6163991b13ea4d7601076647 3480 nodejs_12.22.12~dfsg-1~deb11u6.dsc 1fef218bb8d9f06059919565b50cc122dc10cebb 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz 502cfe0a9691d3974ca79e9f82aa4eed6eb24380 19005908 nodejs_12.22.12~dfsg.orig.tar.xz 74ef0d33b82ab59a10160ac3cc5cd732db919543 175832 nodejs_12.22.12~dfsg-1~deb11u6.debian.tar.xz 4aec8667ca1da6d533b0b012295af4a06e6efc7a 11083 nodejs_12.22.12~dfsg-1~deb11u6_amd64.buildinfo Checksums-Sha256: ce18701b8d36e08fa6ada69245b95d13866bd356598d2d0eb6079c01719ed639 3480 nodejs_12.22.12~dfsg-1~deb11u6.dsc e640dd32d922eed23cd5dabf56600cfd335ea5ce3c756dc96024adebf94555f8 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz 06f8eb29e52d5eb720c4ae2316b3c1b71efb12aa73bf27138f1cc776a7315aff 19005908 nodejs_12.22.12~dfsg.orig.tar.xz bd3c48556fbadbd436e5de0b1ff2947b823b9ccd110d54b8a628b504708753f6 175832 nodejs_12.22.12~dfsg-1~deb11u6.debian.tar.xz f0ca54c091e0a69f12a38e2749fc12523079f0e49ccfa202046c375bb157b32d 11083 nodejs_12.22.12~dfsg-1~deb11u6_amd64.buildinfo Files: 0d79e8798fffb2418385328ff6e3709e 3480 javascript optional nodejs_12.22.12~dfsg-1~deb11u6.dsc b3dc69de461763b2918b81ef426fe0ff 87112 javascript optional nodejs_12.22.12~dfsg.orig-types-node.tar.xz effb4e471c3cf4c7184d357a38985c56 19005908 javascript optional nodejs_12.22.12~dfsg.orig.tar.xz 1a3e1146fe3a21db836f3d24168ce05a 175832 javascript optional nodejs_12.22.12~dfsg-1~deb11u6.debian.tar.xz 406e4e2f3f9d1f3915ac08878f729d35 11083 javascript optional nodejs_12.22.12~dfsg-1~deb11u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAme86ZYACgkQADoaLapB CF+WxA//WrsZFPwOhxaxsKjT8FQHqAc0DiMw/+7bwZsgQgnTdQNBXI20IwiGvElM irAa1mYlaqyxu5bhYWto86h0FVZbo2KWjScYRm9h65gMlWmtHpq0YWoP00/g53z9 Tc/JSgj/qtmjuEdBmLTda5/hg17Y5Mna/9JgmLDRi7vt1R6pNduTkcbiZPXR20lz 0YQz924M+emitm78km+rbFT7Tga3ZNoQ/vSKnCVshvAPE7ZEQvNdSlWckaIKaX2n 04c/i6UMwY8mcb/B+BPg3oZqzhW0mJwYtmLBmxVFWZgWGA0WxXnBlYCb10hrqUE4 b8Mn2jOs06qzANJK5IFq5bT0tHttCrBPnPOjfPM1QzaY6t+i2/MEns+FQ4NsefwM gLhRyqpDtJrKOgoqtU74VY2cNtfYDT+CNYFbTOL9x4g+ut6h5AjWGKYdrU4ref7d 1h0hyrRswwMnOccL3EgUZcamO0Df1kXTmuwz6lUumbpNBAEMgkDasZAKIXMnQqos UGBX+5awBQXfH47vwigTkarQ8XWM9aUKicrhZiCzv+RJjRcxzYfso73vXglgUttL S06612K7TwWiIQRoEsIv+/kjyyP7kwas4zRllcQIAxsBZBx7diA25p7GTzQ2ABMR PPj9rYAYMwSlFpBsGLiI2pzkIUfPGDCDyGmTXuBPOV5xuNmsH0o= =WpiK -----END PGP SIGNATURE-----
