-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Jan 2026 01:19:18 +0100
Source: nodejs
Architecture: source
Version: 22.22.0+dfsg+~cs22.19.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Changes:
nodejs (22.22.0+dfsg+~cs22.19.6-1) unstable; urgency=medium
.
* New upstream version 22.22.0+dfsg+~cs22.19.6
+ CVE-2025-59465 lib: add TLSSocket default error handler
+ CVE-2025-55132 lib: disable futimes when permission model is enabled
+ CVE-2025-55130 lib,permission: require full read and write to symlink APIs
+ CVE-2025-59466 src: rethrow stack overflow exceptions in async_hooks
+ CVE-2025-55131 src,lib: refactor unsafe buffer creation to remove zero-fill toggle
+ CVE-2026-21637 tls: route callback exceptions through error handlers
Checksums-Sha1:
260a46452252b98cdf00c2f722948c81eeedd3a2 4648 nodejs_22.22.0+dfsg+~cs22.19.6-1.dsc
36d594cccc87915a298fccaa4f30843f6a7af2ec 274900 nodejs_22.22.0+dfsg+~cs22.19.6.orig-ada.tar.xz
81abf9f21e0e803894b41e1412b28923ad6854ee 328180 nodejs_22.22.0+dfsg+~cs22.19.6.orig-types-node.tar.xz
96123da4a0f3118ec0669068a9d98cec3f47ede5 23064740 nodejs_22.22.0+dfsg+~cs22.19.6.orig.tar.xz
c44fd208789669f6d9ec3218d8f3244c0383e2f8 161952 nodejs_22.22.0+dfsg+~cs22.19.6-1.debian.tar.xz
a3431bde0c77f4e3fca1a5e8477a25daa40edcd0 11604 nodejs_22.22.0+dfsg+~cs22.19.6-1_source.buildinfo
Checksums-Sha256:
1e18ce9f2bf312544c27cf92e3b09199e574044534e63eea2da947a38d9738fd 4648 nodejs_22.22.0+dfsg+~cs22.19.6-1.dsc
26deff017c505b316f2498aaf293c896f4ab92b5349b367cf21fe14fa2cbd1e1 274900 nodejs_22.22.0+dfsg+~cs22.19.6.orig-ada.tar.xz
0d2f4fca434daa3becf93e9b98291ae3294bc5d27583038b8b6d89ff87dd9144 328180 nodejs_22.22.0+dfsg+~cs22.19.6.orig-types-node.tar.xz
1370e8f0cb15c7facc021a7140d70e1896f03b3aa765fcbf1039b1695d425622 23064740 nodejs_22.22.0+dfsg+~cs22.19.6.orig.tar.xz
53f9fffc078307d40dd6821d09cdf60f18088b4f9af90114bce678a85c5dcee0 161952 nodejs_22.22.0+dfsg+~cs22.19.6-1.debian.tar.xz
5428ded66977e45f402fda252be14ee47f3a5b15c3a4447332993dcd96db66a5 11604 nodejs_22.22.0+dfsg+~cs22.19.6-1_source.buildinfo
Files:
8b507676229bc1feec63838d6a9f9106 4648 javascript optional nodejs_22.22.0+dfsg+~cs22.19.6-1.dsc
fd9ff3be8b8b43905dd24c5af24aab16 274900 javascript optional nodejs_22.22.0+dfsg+~cs22.19.6.orig-ada.tar.xz
a07e85e60cb3a7b4a3739ebe110fa8e7 328180 javascript optional nodejs_22.22.0+dfsg+~cs22.19.6.orig-types-node.tar.xz
57a13ab409a52ffe4f4b7b7283ff83c9 23064740 javascript optional nodejs_22.22.0+dfsg+~cs22.19.6.orig.tar.xz
054f1ef83ef422a59c69d61abc5f83bc 161952 javascript optional nodejs_22.22.0+dfsg+~cs22.19.6-1.debian.tar.xz
de600233b3bc52669198c8efcf784e87 11604 javascript optional nodejs_22.22.0+dfsg+~cs22.19.6-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmlm4VMSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0Te4P/j6RSwtBAH4wb3QNoaxgZ2at1dW3EuHT
RcqRm17MDdj0CffJ3JeeaT9+hVzoYKaFaNw1QOFtBKjGiZe6Jk+cLuSinL/8KNyP
rmK3uo/cJfmgcJ2Cbz4v2k51aENzIBTS/WAlNyJh1pe+UovCrmo8d7QXD06nuHmc
hpzkOA10lCvGN4pX45zs6y+M5lVP3majR/KNNzzNqF5D7csoErf2ZIalojVGA9Nd
n5Gw3WZsxHGOETeN0VvnsnGcTs84/BJUxYxh90xMXGl8CNIUv5twTvN+P6e/qh4i
CFM11S0yyooolfeu03YdtaAOKoGuCMx/wtuwF7WFksiuZNw6Z41SBuJmr6lYJapb
vnUifEw0d81Hh6DQj3McKzT99TVOHIxq3PvjYwmzHpPaJx4rrktql0Z4bxGDzZPy
jYA+Zl93upbPnMOo6GveNnhdUwev+QDRJQaWMHt6/G1TvNFQll+OsBPLkkAjuSKK
/9RPBirUkLLyiKwd7vsYG2jzLgMNQMKj6ctfOBoOEgwTi8iflX0W1ZMUtFdsomNm
+/O1rxBLDMyHDls9AFhTOWN8m2KAntos4Yy967MYrtjh3C/YjWMmG/g1lUCWkt2n
4ccSCAV95JQZD3yiPUduBHPc8TNaCOoII6oscYSeSz1Z6MGgT8IePd0rWMtAS6jE
47Xu1hEADYcz
=Uiu6
-----END PGP SIGNATURE-----
