Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted nodejs 12.22.12~dfsg-1~deb11u7 (source) into oldstable-security
Date: Thu, 01 May 2025 19:00:21 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Apr 2025 16:52:32 +0200
Source: nodejs
Architecture: source
Version: 12.22.12~dfsg-1~deb11u7
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 922075 1076350
Changes:
 nodejs (12.22.12~dfsg-1~deb11u7) bullseye-security; urgency=medium
 .
   * Static link libuv on 32bits architecture. Closes: #922075, #1076350
     Fix CVE-2025-47153:
     Certain build processes for libuv and Node.js for 32-bit systems
     have an inconsistent off_t size (e.g., building on i386 Debian always
     uses _FILE_OFFSET_BITS=64 for the libuv dynamic library,
     but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs),
     leading to out-of-bounds access
Checksums-Sha1:
 0e5a10841f0b06dc7ee08d34cfb540a002209f08 3480 nodejs_12.22.12~dfsg-1~deb11u7.dsc
 1fef218bb8d9f06059919565b50cc122dc10cebb 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz
 502cfe0a9691d3974ca79e9f82aa4eed6eb24380 19005908 nodejs_12.22.12~dfsg.orig.tar.xz
 8c196139630eb56d3f66db19c92f4e9ef259c27e 178824 nodejs_12.22.12~dfsg-1~deb11u7.debian.tar.xz
 578eeb591c12ab6cfbbdabbe308f394c376a1310 11090 nodejs_12.22.12~dfsg-1~deb11u7_i386.buildinfo
Checksums-Sha256:
 f6fff82032a9870cadf5e33c7beeb10af555dc1f4a9cce92fd81ecaed39de6ff 3480 nodejs_12.22.12~dfsg-1~deb11u7.dsc
 e640dd32d922eed23cd5dabf56600cfd335ea5ce3c756dc96024adebf94555f8 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz
 06f8eb29e52d5eb720c4ae2316b3c1b71efb12aa73bf27138f1cc776a7315aff 19005908 nodejs_12.22.12~dfsg.orig.tar.xz
 b3a8d22c6664960d9b645399707cf09100ef4a6dfb15bde2ac794fa22e5fc299 178824 nodejs_12.22.12~dfsg-1~deb11u7.debian.tar.xz
 af329aadbbe774938d747758ef254bf3262f0b126ad4996ce12a0ab9aac9d85e 11090 nodejs_12.22.12~dfsg-1~deb11u7_i386.buildinfo
Files:
 8325bead0a2e8795899e6d8ac785b2b4 3480 javascript optional nodejs_12.22.12~dfsg-1~deb11u7.dsc
 b3dc69de461763b2918b81ef426fe0ff 87112 javascript optional nodejs_12.22.12~dfsg.orig-types-node.tar.xz
 effb4e471c3cf4c7184d357a38985c56 19005908 javascript optional nodejs_12.22.12~dfsg.orig.tar.xz
 6af870aafa4a190ce04e85b58580795e 178824 javascript optional nodejs_12.22.12~dfsg-1~deb11u7.debian.tar.xz
 b395eda56e9a4492ad7cb8b199524260 11090 javascript optional nodejs_12.22.12~dfsg-1~deb11u7_i386.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmgTwqAACgkQADoaLapB
CF/KRRAAsGyRUcTk49S5nubwqhEdyicNOd88zJ9lUGT+jadCEAbhoQDTqOl3ofNR
u4MV/bPlsyRytSDEE4C16cjCrKUMubi5K2YleF52YNeCHdLJroVMsz6gvLhT9CCN
SKdVp7jXJzKyCg1NC3A7YCsljeDPS8BiYyHbmv18gKi/oTC0HS2LEA9tqgEtrHoK
GeUEV+EhEcR56CnkeNxB7aHlJ/FCDpZZOBHUcT7SUxqmIa86LlCX5jlG5zqBm2VS
YWbMgmhLK6aZaJIOAhhWJWU76LzCxJrIZJpsGI8Uerrfz45kZWK5qi6NHNiKAJay
PRORlhY6lIRWYlBxLAQRloxcvHyW/ypUNtHBeXYmWl6U5Zp5e72WHQGTaqxB5Sju
m82e/1nE0wjb1WJNWm1sF/NpxebPe3kfq+KZo7YlCXmJsKz2aJ3RLAR/XEV2CnwY
OuosgDPGguIlQPL+tbDoW8RVY/2PhYTZkgKaFLqhj0jcLiUOGu6MMiQe1cUn7a7h
IMPntmHH/SWfq9Dby04aWlYCdOwJHT1rVPKzo1KL13opP/POLPOSWhYAsxHtLsf5
SA3MY9vLw/eGqvpu5OKh4ez50MlURotrR0NC4FPF/lOW2YXHQJrBy7WaNBbJZc8G
jQwhUfHtLnR9XrRfPLP9tjDKkno1eqohTdEndGRR63f0u0v05UU=
=mvnj
-----END PGP SIGNATURE-----
News for package nodejs
