Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org> , <debian-experimental-changes@lists.debian.org>
Subject: Accepted nodejs 24.13.0+dfsg+~cs24.10.7-2 (source) into experimental
Date: Tue, 13 Jan 2026 15:35:21 +0000
Signed by: Jérémy Lal <kapouer@melix.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 13 Jan 2026 16:10:31 +0100
Source: nodejs
Architecture: source
Version: 24.13.0+dfsg+~cs24.10.7-2
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Changes:
 nodejs (24.13.0+dfsg+~cs24.10.7-2) experimental; urgency=medium
 .
   * Properly mention the CVE numbers this version fixes:
     + CVE-2025-59465 lib: add TLSSocket default error handler
     + CVE-2025-55132 lib: disable futimes when permission model is enabled
     + CVE-2025-55130 lib,permission: require full read and write to symlink APIs
     + CVE-2025-59466 src: rethrow stack overflow exceptions in async_hooks
     + CVE-2025-55131 src,lib: refactor unsafe buffer creation to remove zero-fill toggle
     + CVE-2026-21637 tls: route callback exceptions through error handlers
Checksums-Sha1:
 ee356d88b4a3204869008b2770a3d4da360eb124 4644 nodejs_24.13.0+dfsg+~cs24.10.7-2.dsc
 c332ec1a25d03e32ae069eaaf825d0ce99726152 164584 nodejs_24.13.0+dfsg+~cs24.10.7-2.debian.tar.xz
 119681d64f44196d1f75fd15a26660f142d324c7 11634 nodejs_24.13.0+dfsg+~cs24.10.7-2_source.buildinfo
Checksums-Sha256:
 9539a7cdeb7ae19570ddb9f517d00e51d56abfcf23d3efaf640ebfeca5da5158 4644 nodejs_24.13.0+dfsg+~cs24.10.7-2.dsc
 b7d0e57b5ebf85db5e1345bd476f39f3344ae0bff47839deb6c311dd2592d374 164584 nodejs_24.13.0+dfsg+~cs24.10.7-2.debian.tar.xz
 ca53984aa298ac84b965f5501bc5cee24581f3416f0fde50945e6a9a088e0725 11634 nodejs_24.13.0+dfsg+~cs24.10.7-2_source.buildinfo
Files:
 c61adb3e03e5934ea6c038e819fee1c9 4644 javascript optional nodejs_24.13.0+dfsg+~cs24.10.7-2.dsc
 0cb46f2cd2fac442b20931dd9a0a8233 164584 javascript optional nodejs_24.13.0+dfsg+~cs24.10.7-2.debian.tar.xz
 a4a5a93a5f526a7ab3ef8a63f86dda96 11634 javascript optional nodejs_24.13.0+dfsg+~cs24.10.7-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmlmYIASHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0Ty4QAL9Ss53xkd1xx2Vqx/+E9oBc0Cr7v8d9
ldQQOwQeCDThFxkeYL2vWaBq9Mq7i4bAAbrdDwTztaTVZfUFIi/jJiB7qgy7CoiI
wwL6fZPiKpcRUrDHClnb3z9u5KJ4x/dyfYbfmNgiMvW35yZHpVlvF2tdoOgvaOc7
8k5Fwjo663fnWvn8RNJrFMApoC21du1viUmEHCQ1L42+QJ2TMuDW9+oE23LythfY
L0Q8aghULrW/L09Yp4htz8YhByNShWpmwBpRBuvCpNZ7W0ldSgALbM4jQETtABW7
R08pVX8MDzLvF02x/MXL6N4ZiNXfz81B9NRehYTs2Ox348qNUUc60gBBiaE1udrz
WlGZNObjVXMwLWUY7pcLZG1ZUy1satyRkFEZ+OcocBqdlB65z/NZr4S6T75CtvYn
wU0nseCQ4QG8Y7kzhmGNgeYDTugT5ooeZm2IrtMkTnC52Ej9rFCpHMukKlKU42Xb
weAEjVFr5Qb3ZAnVjMP3V67QuzxIi/H1IKI/HDsnFhrGf24c3v42RRsEbkF7ZUje
jot0BOk1COOQzKKUUIVX3JTF/V5ifs+cigqVGhFRb+neYiWXqqc98B0hS+7qxx3+
9ns2dAwBkPnvVdv4/35bS0i/7ljdxrxsPq1knmDu8qNJXestdGvG7sFgt9wbKh5u
qLUc4JNVTwyn
=GnLQ
-----END PGP SIGNATURE-----

News for package nodejs